Re: mystery martian source from 127.0.0.1
- From: ibuprofin@xxxxxxxxxxxxxxxxxxxxxx (Moe Trin)
- Date: Thu, 08 Dec 2005 13:57:09 -0600
On Wed, 07 Dec 2005, in the Usenet newsgroup comp.os.linux.security, in article
<dn7gjn$b54$1@xxxxxxxxxxxxxxx>, EricT wrote:
>xx:xx:xx:xx:xx:xx is the HWAddr of eth0, the rest of the header
>(00:09:7b:8d:98:70:08:00) is absolutly unknown to me.
[compton ~]$ etherwhois 00:09:7b
00-09-7B (hex) Cisco Systems
00097B (base 16) Cisco Systems
80 West Tasman Dr.
SJ-M/1
San Jose CA 95134
UNITED STATES
[compton ~]$
Probably your cable modem or DSL router. You'd have to look at the TTLa
to see if that's the source, or the crap is really coming from "outside".
>the traffic is coming from 127.0.0.1:80 (referring to tcpdump).
>Unfortunatly, i cannot post any output of tcpdump, since these messages
>(packets) occur arbitrary.
man tcpdump and look at the filtering algorithms. Something like
tcpdump -i eth0 src host 127.0.0.1 -s 1500 -vv
Old guy
.
- Follow-Ups:
- Re: mystery martian source from 127.0.0.1
- From: EricT
- Re: mystery martian source from 127.0.0.1
- From: EricT
- Re: mystery martian source from 127.0.0.1
- References:
- mystery martian source from 127.0.0.1
- From: EricT
- mystery martian source from 127.0.0.1
- Prev by Date: Re: Security-oriented distro?
- Next by Date: Re: mystery martian source from 127.0.0.1 - more details
- Previous by thread: Re: mystery martian source from 127.0.0.1 - more details
- Next by thread: Re: mystery martian source from 127.0.0.1
- Index(es):
Relevant Pages
|
