* martians from myself?
@ 2002-09-13 14:28 Raymond Leach
2002-09-15 9:24 ` Antony Stone
2002-09-15 11:11 ` Martin Josefsson
0 siblings, 2 replies; 3+ messages in thread
From: Raymond Leach @ 2002-09-13 14:28 UTC (permalink / raw)
To: netfilter
[-- Attachment #1: Type: text/plain, Size: 2314 bytes --]
Hi
Can someone tell me what would cause this:
Sep 13 16:32:07 firefly kernel: NET: 70 messages suppressed.
Sep 13 16:32:07 firefly kernel: martian source 108.122.0.0 from
127.0.0.75, on dev eth2
Sep 13 16:32:07 firefly kernel: ll header:
00:01:02:50:b8:9e:08:00:20:a5:04:26:08:00
Sep 13 16:32:07 firefly kernel: martian source 108.122.0.0 from
127.0.0.171, on dev eth2
Sep 13 16:32:07 firefly kernel: ll header:
00:01:02:50:b8:9e:08:00:20:a5:04:26:08:00
Sep 13 16:32:07 firefly kernel: martian source 108.122.0.0 from
127.0.0.208, on dev eth2
Sep 13 16:32:07 firefly kernel: ll header:
00:01:02:50:b8:9e:08:00:20:a5:04:26:08:00
Sep 13 16:32:07 firefly kernel: martian source 108.122.0.0 from
127.0.0.244, on dev eth2
Sep 13 16:32:07 firefly kernel: ll header:
00:01:02:50:b8:9e:08:00:20:a5:04:26:08:00
Sep 13 16:32:07 firefly kernel: martian source 108.122.0.0 from
127.0.0.64, on dev eth2
Sep 13 16:32:07 firefly kernel: ll header:
00:01:02:50:b8:9e:08:00:20:a5:04:26:08:00
Sep 13 16:32:07 firefly kernel: martian source 108.122.0.0 from
127.0.0.40, on dev eth2
Sep 13 16:32:07 firefly kernel: ll header:
00:01:02:50:b8:9e:08:00:20:a5:04:26:08:00
Sep 13 16:32:07 firefly kernel: martian source 108.122.0.0 from
127.0.0.151, on dev eth2
Sep 13 16:32:07 firefly kernel: ll header:
00:01:02:50:b8:9e:08:00:20:a5:04:26:08:00
Sep 13 16:32:07 firefly kernel: martian source 108.122.0.0 from
127.0.0.54, on dev eth2
Sep 13 16:32:07 firefly kernel: ll header:
00:01:02:50:b8:9e:08:00:20:a5:04:26:08:00
Sep 13 16:32:07 firefly kernel: martian source 108.122.0.0 from
127.0.0.211, on dev eth2
Sep 13 16:32:07 firefly kernel: ll header:
00:01:02:50:b8:9e:08:00:20:a5:04:26:08:00
Sep 13 16:32:07 firefly kernel: martian source 108.122.0.0 from
127.0.0.23, on dev eth2
Sep 13 16:32:07 firefly kernel: ll header:
00:01:02:50:b8:9e:08:00:20:a5:04:26:08:00
The MAC address in the ll header is the interface on my firewall.
Any help would be appreciated
Ray
--
----------------------------------------
Raymond Leach
Internet Infrastructure
Knowledge Factory
Tel: +27-11-445-8100 Fax: +27-11-445-8101
www: http://www.knowledgefactory.co.za
----------------------------------------
"It is a man's own fault if his mind grows
torpid in old age." - Samual Jackson
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: martians from myself?
2002-09-13 14:28 martians from myself? Raymond Leach
@ 2002-09-15 9:24 ` Antony Stone
2002-09-15 11:11 ` Martin Josefsson
1 sibling, 0 replies; 3+ messages in thread
From: Antony Stone @ 2002-09-15 9:24 UTC (permalink / raw)
To: netfilter
On Friday 13 September 2002 3:28 pm, Raymond Leach wrote:
> Hi
>
> Can someone tell me what would cause this:
>
> Sep 13 16:32:07 firefly kernel: martian source 108.122.0.0 from
> 127.0.0.75, on dev eth2
> Sep 13 16:32:07 firefly kernel: ll header:
> 00:01:02:50:b8:9e:08:00:20:a5:04:26:08:00
>
> The MAC address in the ll header is the interface on my firewall.
1. Do you recognise the address 108.122.0.0 ? Is it an address you use on
your network, or in your rules ?
2. What client / server processes do you have running on firefly ?
3. What SNAT rules do you have in your OUTPUT or POSTROUTNG chains ?
4. What addresses do you have assigned to the interfaces on firefly ?
You might want ot add some LOGging rules to your INPUT or OUTPUT chains to
look for this source address, and see what protocol is in the packets - that
might help to identify what service is generatng them.
I know this isn't an answer to your question, but I hope it helps you find
out the answer...
Antony.
--
Never write it in Perl if you can do it in Awk.
Never do it in Awk if sed can handle it.
Never use sed when tr can do the job.
Never invoke tr when cat is sufficient.
Avoid using cat whenever possible.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: martians from myself?
2002-09-13 14:28 martians from myself? Raymond Leach
2002-09-15 9:24 ` Antony Stone
@ 2002-09-15 11:11 ` Martin Josefsson
1 sibling, 0 replies; 3+ messages in thread
From: Martin Josefsson @ 2002-09-15 11:11 UTC (permalink / raw)
To: Raymond Leach; +Cc: netfilter
[-- Attachment #1: Type: text/plain, Size: 767 bytes --]
On Fri, 2002-09-13 at 16:28, Raymond Leach wrote:
> Hi
>
> Can someone tell me what would cause this:
>
> Sep 13 16:32:07 firefly kernel: martian source 108.122.0.0 from
> 127.0.0.23, on dev eth2
> Sep 13 16:32:07 firefly kernel: ll header:
> 00:01:02:50:b8:9e:08:00:20:a5:04:26:08:00
>
> The MAC address in the ll header is the interface on my firewall.
>
> Any help would be appreciated
so I assume 00:01:02:50:b8:9e is the macaddress of your interface?
(destination mac in the frame)
the packet is sent from 08:00:20:a5:04:26 with 127.0.0.23 as sourceip
(loopback ip), try to find out which machine on your network that is.
--
/Martin
Never argue with an idiot. They drag you down to their level, then beat
you with experience.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2002-09-15 11:11 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-09-13 14:28 martians from myself? Raymond Leach
2002-09-15 9:24 ` Antony Stone
2002-09-15 11:11 ` Martin Josefsson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox