
Re: attack of the marsians



Hi,

I should have mentioned that our netmask is 255.255.254.0, so x.x.150.x and
x.x.151.x are in the same subnet.

Jun 12 11:27:53 abyss kernel: martian source 10.10.150.2 from 10.10.151.43, on dev eth0
Jun 12 11:27:53 abyss kernel: ll header: ff:ff:ff:ff:ff:ff:00:00:1c:de:35:0e:08:06

The MAC is from 151.43, this is correct.
I get these messages now every minute.

HTR
PDU

> On Tue, Jun 11, 2002 at 07:32:54PM +0200, Proud Debian-User wrote:
> > Jun 11 19:01:14 abyss kernel: martian source 10.10.151.255 from 10.10.151.43, on dev eth0
> > Jun 11 19:03:19 abyss kernel: martian source 10.10.150.1 from 10.10.151.43, on dev eth0
> Are these machines routers with asymmetric routing, i.e. packets to
> 10.10.151.x go out on eth0 but come in on eth1?
> Else try to ping them or look what arp -n says or do
> "tcpdump -v -n -s1500 host 10.10.151.*" to figure out where they're coming from.
> 
> HTH,
> 
> -christian- 
> 
> -- 
> Christian Hammers    WESTEND GmbH - Aachen und Dueren     Tel 0241/701333-0
> ch@westend.com     Internet & Security for Professionals    Fax 0241/911879
>           WESTEND ist CISCO Systems Partner - Authorized Reseller
> 
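
Added example, not part of the original message: a small Python parser that pairs each "martian source" line with the "ll header" line that follows it, decodes the 14-byte Ethernet header (destination MAC, source MAC, EtherType), and checks whether both addresses fall in the same subnet for the stated netmask. The function and field names are illustrative assumptions; the sample input is the log from the message with the mail line wraps joined.

```python
import ipaddress
import re

# Log lines from the message above, with the mail client's line wraps joined.
SAMPLE = """\
Jun 12 11:27:53 abyss kernel: martian source 10.10.150.2 from 10.10.151.43, on dev eth0
Jun 12 11:27:53 abyss kernel: ll header: ff:ff:ff:ff:ff:ff:00:00:1c:de:35:0e:08:06
"""

MARTIAN = re.compile(r"martian source (\S+) from (\S+), on dev (\S+)")
LL_HDR = re.compile(r"ll header: ((?:[0-9a-f]{2}:){13}[0-9a-f]{2})", re.I)
ETHERTYPES = {"0800": "IPv4", "0806": "ARP"}


def parse_martians(text, netmask):
    """Pair each 'martian source' line with the 'll header' line after it."""
    events, current = [], None
    for line in text.splitlines():
        m = MARTIAN.search(line)
        if m:
            daddr, saddr, dev = m.groups()  # the kernel prints the destination first
            net = ipaddress.ip_interface(f"{saddr}/{netmask}").network
            current = {
                "daddr": daddr, "saddr": saddr, "dev": dev,
                "same_subnet": ipaddress.ip_address(daddr) in net,
            }
            events.append(current)
            continue
        h = LL_HDR.search(line)
        if h and current is not None:
            octets = h.group(1).lower().split(":")
            # Ethernet header: 6 bytes destination MAC, 6 bytes source MAC,
            # 2 bytes EtherType
            current["dst_mac"] = ":".join(octets[0:6])
            current["src_mac"] = ":".join(octets[6:12])
            etype = "".join(octets[12:14])
            current["ethertype"] = ETHERTYPES.get(etype, "0x" + etype)
            current = None
    return events


if __name__ == "__main__":
    for ev in parse_martians(SAMPLE, "255.255.254.0"):
        print(ev)
```

For the log above this reports a broadcast destination MAC, source MAC 00:00:1c:de:35:0e and EtherType ARP, with both addresses inside 10.10.150.0/23.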
