Mailinglist Archive: opensuse (3785 mails)
| < Previous | Next > |
Re: [SLE] Martian source
- From: Micxz <an_email@xxxxxxxxx>
- Date: Wed, 22 Oct 2003 13:04:46 -0700
- Message-id: <3F96E2DE.90109@xxxxxxxxx>
Carlos E. R. wrote:
Has anyone else figured out what this was? Today I got:
Oct 22 12:54:50 mars kernel: martian source xx.xxx.xx.xxx from 127.0.0.1, on dev ppp0
Oct 22 12:54:50 mars kernel: ll header: 45:08:00:28
mars:~ # tcpdump -X -s 0 -n -vvv net 127.0.0.1 -i any
tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: listening on any
12:54:50.901690 127.0.0.1.80 > xx.xxx.xx.xxx.1947: R [tcp sum ok] 0:0(0) ack 1759903745 win 0 (ttl 126, id 61929, len 40)
0x0000 4500 0028 f1e9 0000 7e06 3050 7f00 0001 E..(....~.0P....
0x0010 42f8 589d 0050 079b 0000 0000 68e6 0001 B.X..P......h...
0x0020 5014 0000 2468 0000 P...$h..
Where xx.xxx.xx.xxx is my dialup IP on ppp0. I'm not sure what this means and I cannot read much of this packet info. Does anyone know why it's happening?
Interesting that it's on port 80 eh'
--
Micxz
The 03.09.16 at 16:45, Pep Serrano wrote:
martian source xxx.xxx.xxx.xxx from 127.0.0.1, on dev ppp0,
where xxx.xxx.xxx.xxx is my public IP, the IP address in the interface ppp0.
Me too, starting today, and some other people:
Oct 4 13:43:08 nimrodel kernel: martian source 212.166.94.23 from 127.0.0.1, on dev ppp0
Oct 4 13:43:08 nimrodel kernel: ll header: 45:08:00:28
Oct 4 13:43:58 nimrodel kernel: martian source 212.166.94.23 from 127.0.0.1, on dev ppp0
Oct 4 13:43:58 nimrodel kernel: ll header: 45:08:00:28
The address 212.166.94.23 is my IP, asigned temporarily for this
connection only by the my provider (tiscali), by modem. It is thus
impossible to receive from internet packets from the 127.0.0.1 address...
But we are!
That's why they named them "martian" source.
It must be some new worm, virus, or whatever.
Has anyone else figured out what this was? Today I got:
Oct 22 12:54:50 mars kernel: martian source xx.xxx.xx.xxx from 127.0.0.1, on dev ppp0
Oct 22 12:54:50 mars kernel: ll header: 45:08:00:28
mars:~ # tcpdump -X -s 0 -n -vvv net 127.0.0.1 -i any
tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: listening on any
12:54:50.901690 127.0.0.1.80 > xx.xxx.xx.xxx.1947: R [tcp sum ok] 0:0(0) ack 1759903745 win 0 (ttl 126, id 61929, len 40)
0x0000 4500 0028 f1e9 0000 7e06 3050 7f00 0001 E..(....~.0P....
0x0010 42f8 589d 0050 079b 0000 0000 68e6 0001 B.X..P......h...
0x0020 5014 0000 2468 0000 P...$h..
Where xx.xxx.xx.xxx is my dialup IP on ppp0. I'm not sure what this means and I cannot read much of this packet info. Does anyone know why it's happening?
Interesting that it's on port 80 eh'
--
Micxz
| < Previous | Next > |