Re: mystery martian source from 127.0.0.1
- From: Tauno Voipio <tauno.voipio@xxxxxxxxxxxxx>
- Date: Wed, 07 Dec 2005 22:06:56 GMT
EricT wrote:
Tauno Voipio wrote:
The reported address contains both the Ethernet source address (00:09:7b:8d:98:70) and the IP protocol identifier (08:00).
Try to find the hardware with the Ethernet address above.
Thanks a lot Tauno,
this HWAddr does not belong to my LAN. Is it the receiver or the sender address of the packet? If it is the receiver address, how comes localhost is knowing about it?
Fairly probably the sender address - cannot say for sure. To be of any use, it should be in the same LAN with you.
Are you in the hispeed.ch DSL network? If yes, it's probably a misconfigured / infected host in the same network. The reported source address is 80-219-238-182.dclient.hispeed.ch.
You could set up iptables to trap and log all packets with the IP address 80.219.238.182.
HTH
--
Tauno Voipio tauno voipio (at) iki fi .
- Follow-Ups:
- Re: mystery martian source from 127.0.0.1
- From: EricT
- Re: mystery martian source from 127.0.0.1
- References:
- mystery martian source from 127.0.0.1
- From: EricT
- Re: mystery martian source from 127.0.0.1
- From: Tauno Voipio
- Re: mystery martian source from 127.0.0.1
- From: EricT
- mystery martian source from 127.0.0.1
- Prev by Date: Re: mystery martian source from 127.0.0.1
- Next by Date: Re: mystery martian source from 127.0.0.1
- Previous by thread: Re: mystery martian source from 127.0.0.1
- Next by thread: Re: mystery martian source from 127.0.0.1
- Index(es):
Relevant Pages
|
