
[suse-security] Re: martian source messages [SOLVED]



Hi friends,

I got an answer from a friend of mine. This weird traffic comes from Blaster.
Check http://www.goonda.org/lists/dragonidsuser/2003-08/msg00095.htm to see 
the details.

My error was to monitor traffic on ppp0 and believe that packets from 127.0.0.1 
to my ppp0 IP were going in the inside-to-outside direction... Actually those 
packets were coming from outside to inside (from some clever Windows guy). The 
lesson learned is that you must monitor traffic at at least two points when the 
packets are weird: if I had monitored my loopback interface at the same time 
(that simple, god!) I would have seen there was no real traffic coming out 
from my local 127.0.0.1.

Now I ask myself, shouldn't my ISP stop routing packets which contain a local 
127.0.0.0/32 IP as dest/orig?

My second question is about how to stop that... Before turning off the martian 
logs (which I would like to keep on), I am going to try an iptables rule so I 
drop any packets coming to ppp0 from any 127.0.0.0/32. Has anybody tried that 
already? Will that stop those Blaster martian logs? I'll try it out and I'll 
tell you what happens.

It is hard to escape Windows bullshit even for Unix users... I propose a separate 
"winnet" optimized for their MMS needs!!!

Regards,
Pep Serrano.
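
An added example, not part of the original post: a small parser for the kernel's "martian source" log lines that counts packets claiming a loopback source but received on a non-loopback interface, the pattern described in the message above. The log lines in `SAMPLE_LOG` are constructed, 203.0.113.7 stands in for the ppp0 address, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Kernel message shape: "martian source <dst> from <src>, on dev <iface>".
# It is written on the receive path, so <iface> is where the packet ARRIVED.
MARTIAN_RE = re.compile(
    r"martian source (?P<dst>\d{1,3}(?:\.\d{1,3}){3}) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}), on dev (?P<dev>\S+)"
)
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")

# Constructed sample syslog lines; 203.0.113.7 stands in for the ppp0 address.
SAMPLE_LOG = """\
Aug 20 10:01:02 gw kernel: martian source 203.0.113.7 from 127.0.0.1, on dev ppp0
Aug 20 10:01:09 gw kernel: martian source 203.0.113.7 from 127.0.0.1, on dev ppp0
Aug 20 10:02:30 gw kernel: martian source 255.255.255.255 from 192.168.1.1, on dev eth0
Aug 20 10:02:30 gw kernel: ll header: ff:ff:ff:ff:ff:ff:00:11:22:33:44:55:08:00
Aug 20 10:03:00 gw kernel: martian source 999.0.0.1 from 127.0.0.1, on dev ppp0
"""


def parse_martian(line):
    """Return {'src', 'dst', 'dev'} for a martian-source line, else None."""
    m = MARTIAN_RE.search(line)
    if m is None:
        return None
    try:
        src = ipaddress.ip_address(m.group("src"))
        dst = ipaddress.ip_address(m.group("dst"))
    except ValueError:  # e.g. an octet above 255 in a damaged log line
        return None
    return {"src": src, "dst": dst, "dev": m.group("dev")}


def spoofed_loopback(lines, loopback_dev="lo"):
    """Count martians with a 127.0.0.0/8 source seen on a non-loopback device."""
    hits = Counter()
    for line in lines:
        rec = parse_martian(line)
        if rec and rec["src"] in LOOPBACK_NET and rec["dev"] != loopback_dev:
            hits[(rec["dev"], str(rec["dst"]))] += 1
    return hits


if __name__ == "__main__":
    for (dev, dst), n in spoofed_loopback(SAMPLE_LOG.splitlines()).items():
        print(f"{n} inbound packet(s) on {dev} to {dst} with a spoofed loopback source")
```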
