1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-discuss] Odd entry in log file
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20Odd%20entry%20in%20log%20file&In-Reply-To=%3C4FA701E9.5050402%40Rock3d.net%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="007224.html">
<LINK REL="Next" HREF="007226.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-discuss] Odd entry in log file</H1>
<B>imnotpc</B>
<A HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20Odd%20entry%20in%20log%20file&In-Reply-To=%3C4FA701E9.5050402%40Rock3d.net%3E"
TITLE="[Mageia-discuss] Odd entry in log file">imnotpc at Rock3d.net
</A><BR>
<I>Mon May 7 00:57:45 CEST 2012</I>
<P><UL>
<LI>Previous message: <A HREF="007224.html">[Mageia-discuss] Odd entry in log file
</A></li>
<LI>Next message: <A HREF="007226.html">[Mageia-discuss] Odd entry in log file
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#7225">[ date ]</a>
<a href="thread.html#7225">[ thread ]</a>
<a href="subject.html#7225">[ subject ]</a>
<a href="author.html#7225">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>On 05/06/2012 06:38 PM, Frank Griffin wrote:
><i> On 05/06/2012 02:23 PM, imnotpc wrote:
</I>>><i> Some of my mga2 boxes are recording lines like this:
</I>>><i>
</I>>><i> May 5 08:42:38 Cedar1 kernel: [2420746.469695] ll header:
</I>>><i> 00:11:09:01:8f:2b:00:18:4d:9d:dc:39:08:00
</I>>><i> May 5 08:42:38 Cedar1 kernel: [2420746.470060] martian source
</I>>><i> 173.194.74.154 from 192.168.3.2, on dev eth0
</I>>><i>
</I>>><i>
</I>>><i> I don't know about 'martian', but those IPs are indeed unfamiliar and
</I>>><i> not anything I'm aware of. Any idea what is causing this and if it is
</I>>><i> something to be concerned about?
</I>><i> Martians are IP packets which have a source or destination IP address
</I>><i> that is in one of the "internal" ranges that are defined only for
</I>><i> private network use, such as 10.x.x.x or 192.168.x.x.
</I>><i>
</I>><i> The message is less than clear, since both IPs are identified as
</I>><i> "source" or "from", which leaves you guessing as to which was the
</I>><i> source and which was the target, but the 192,168.3.2 address is the
</I>><i> culprit.
</I>><i>
</I>><i> Either you're sending the packet, in which case you have a problem
</I>><i> that needs to be addressed, or someone else is in which case you can
</I>><i> ignore the message.
</I>
My thanks to you, Maarten, and Doug for replying. I knew that packets in
private subnets are never forwarded by routers, one of the basic
security features of the IPV4 system. I had never heard them referred to
as martian before, but the name makes sense. Based on the destination of
the packets (Google, Facebook), my assumption is that these are not
malicious, and based on my knowledge of my network, I believe these are
originating from the wireless hosts as Doug indicated. I guess the only
part I still don't understand is how these packets are reaching the
kernel of the gateway through NAT and firewalls? Perhaps there is
something I don't understand about how IP traffic moves between hosts.
Jeff
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="007224.html">[Mageia-discuss] Odd entry in log file
</A></li>
<LI>Next message: <A HREF="007226.html">[Mageia-discuss] Odd entry in log file
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#7225">[ date ]</a>
<a href="thread.html#7225">[ thread ]</a>
<a href="subject.html#7225">[ subject ]</a>
<a href="author.html#7225">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-discuss">More information about the Mageia-discuss
mailing list</a><br>
</body></html>
|
