7 Dec
2004
7 Dec
'04
20:31
On Dec 7, Kai Schaetzl
I have some questions regarding the "martian source" iptables messages.
I'm getting a lot of messages like this:
Dec 7 20:17:44 nx02 kernel: martian source 212.112.233.242 from 127.0.0.1, on dev eth0 Dec 7 20:17:44 nx02 kernel: ll header: 00:01:80:35:86:44:00:02:7e:b0:6f:fc:08:00
in the IP tables log
00:02:7e:b0:6f:fc seems to be the offending remote network card, 00:02:7E is a cisco device 00:01:80 is AOpen, Inc. (according to http://standards.ieee.org/regauth/oui/oui.txt)
Maybe this can help you somehow, to find the offending machine. Markus