Re: newB logging martians
From: ken king (kenkingNOSPAM@knology.net)Date: 03/25/02
- Next message: David: "Re: linux box compromised: advice needed"
- Previous message: Bit Twister: "Re: linux box compromised: advice needed"
- In reply to: David: "Re: newB logging martians"
- Next in thread: David: "Re: newB logging martians"
- Reply: David: "Re: newB logging martians"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: ken king <kenkingNOSPAM@knology.net> Date: Sun, 24 Mar 2002 17:37:18 -0600
David wrote:
> ken king wrote:
> >
> >
> > Yes, I know -- but the question is:
> > Is just a mis-configured machine(s)???
> > Is this just normal network traffic or could it be covert?
>
> Packets that have source addresses with no known route are referred to
> as "martians". For example, if you have two different subnets plugged
> into the same hub, the routers on each end will see each other as
> martians.
Ohoooo, I was thinking non-logical route -- like a internal IP addr showing
up on the external i/f. You have shed new light on this! Bare with me, I'm
trying to learn this networking stuff(one of the reasons for installing
Linux in the first place*). So, my log is basically just saying it has no
route to this address?
> To log such packets to the kernel log, which should never show
> up in the first place, you'll need to issue:
Which begs the question! eth1 is connected to a cable modem, why does it
[sometimes] see martians? Normal?
And what is destination 0.0.0.0? Is that a real address?
> if [ -r /proc/sys/net/ipv4/conf/all/log_martians ];
> then echo "Enabling logging of martians" echo "1" >
> /proc/sys/net/ipv4/conf/all/log_martians
> fi
>
> Or as mentioned in my previous post this can be done in /etc/sysctl.conf.
And that is where it is.
net.ipv4.conf.all.log_martians=1
> Hope this helps.
Yes, I think my understanding has increased somewhat -- thanks!
* Interesting side note: I built this machine and installed Linux so that I
could learn Linux, networking, and "dad" could have a machine to use (as the
kids were always on the other (win) box). Unfortunately, the family likes
Linux _MUCH_ better! So....I get stuck with the win box -- except for sysop
stuff.
>
> --
> Confucius say: He who play in root, eventually kill tree.
> Registered with the Linux Counter. http://counter.li.org
> ID # 123538
- Next message: David: "Re: linux box compromised: advice needed"
- Previous message: Bit Twister: "Re: linux box compromised: advice needed"
- In reply to: David: "Re: newB logging martians"
- Next in thread: David: "Re: newB logging martians"
- Reply: David: "Re: newB logging martians"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
