Re: mystery martian source from 127.0.0.1
- From: EricT <ericteuber@xxxxxx>
- Date: Wed, 07 Dec 2005 23:17:21 +0100
Tauno Voipio wrote:
> Fairly probably the sender address - cannot say for sure.
> To be of any use, it should be in the same LAN with you.
>
> Are you in the hispeed.ch DSL network? If yes, it's probably
> a misconfigured / infected host in the same network. The reported
> source address is 80-219-238-182.dclient.hispeed.ch.
>
> You could set up iptables to trap and log all packets with
> the IP address 80.219.238.182.
>
> HTH
>
80-219-238-182.dclient.hispeed.ch is my external ip assigned by the ISP.
But still i don't know this strange HWAddr (00:09:7b:8d:98:70).
All the clients (including my firewall) within the highspeed network
have the same netmask. The IP's are received by DHCP broadcasts.
I have setup iptables, that's why i am wondering about these packets.
These packets are not logged by tcpdump from
80-219-238-182.dclient.hispeed.ch but from 127.0.0.1.
It is confusing as i already said.
.
- Follow-Ups:
- References:
- mystery martian source from 127.0.0.1
- From: EricT
- Re: mystery martian source from 127.0.0.1
- From: Tauno Voipio
- Re: mystery martian source from 127.0.0.1
- From: EricT
- Re: mystery martian source from 127.0.0.1
- From: Tauno Voipio
- mystery martian source from 127.0.0.1
- Prev by Date: Re: mystery martian source from 127.0.0.1
- Next by Date: Security-oriented distro?
- Previous by thread: Re: mystery martian source from 127.0.0.1
- Next by thread: Re: mystery martian source from 127.0.0.1 - more details
- Index(es):
Relevant Pages
|
