[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] martian source messages
Alle 10:23, giovedì 18 settembre 2003, Pep Serrano ha scritto:
> But is this the real cause of our martian logs?
> > On Sep 18, Roland Freeman <rolandfreeman@xxxxxxxxx> wrote:
> > > Pep, we have the same problem. My P-t-P router has a private ip address
> > > too. Everything works properly, except the marsians log.
> > A private IP address as gateway is not necessarily a problem. ISP's use
> > this to save IP addresses and it is in no way bad for anyone. As long as
> > they are not used in the route back to you, which isn't the case as you
> > stated.
> Last night I spent some time with ethereal tracking my traffic between the
> loopback and my ppp0. I could see there are some packets from localhost on
> port 80 to random ports of ppp0. This packet repeats abour every minute. I
> closed almost all services, disabled routing, no applications... lsof
> didn't show any process using localhost:80, and yet the werid traffic was
> still there.
> Pep Serrano.
I did the same, and found the same results. All the packets are from port 80
to a high port on ppp0. Logs report "ll header: 45:00:00:28"
While receiving this packets (from localhost:80) I am not even surfing the
web, but they still arrives.
All tcp packets I have seen have the RST ACK flags set.
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here