Hi, today I had some strange log entries in my messages log: External source addresses to external dest address on my internal interface. And these exactly 10 seconds! Sometimes in this 10 seconds a internal address xx.xx.xx.xx tried to connect to a external address from AT&T. These address is a HP Deskjet 1120 on a ExtendNet SX (ESI 2841) printserver box. And there were messages with "martian destination" in these 10 seconds too. Some of these addresses are reserved, some are official addresses.
Apr 1 15:00:27 linux kernel: Packet log: input DENY eth2 PROTO=6 91.168.63.123:51480 133.90.24.101:45686 L=40 S=0x00 I=53509 F=0x0000 T=64 SYN (#31) Apr 1 15:00:27 linux kernel: Packet log: input DENY eth2 PROTO=6 244.236.235.124:24475 140.202.207.61:13436 L=40 S=0x00 I=48522 F=0x0000 T=64 SYN (#31) Apr 1 15:00:27 linux kernel: Packet log: input DENY eth2 PROTO=6 104.161.59.77:33401 244.220.3.89:34119 L=40 S=0x00 I=28291 F=0x0000 T=64 SYN (#31) Apr 1 15:00:27 linux kernel: Packet log: input DENY eth2 PROTO=6 137.200.120.2:48503 5.116.24.73:14488 L=40 S=0x00 I=30175 F=0x0000 T=64 SYN (#31) Apr 1 15:00:27 linux kernel: Packet log: input DENY eth2 PROTO=6 189.114.54.9:42854 158.176.187.65:36878 L=40 S=0x00 I=36252 F=0x0000 T=64 SYN (#31) [...] Apr 1 15:00:28 linux kernel: Packet log: input DENY eth2 PROTO=6 xx.xx.xx.xx:10195 32.223.34.115:15138 L=40 S=0x00 I=8296 F=0x0000 T=30 (#31) [...] Apr 1 15:00:31 linux kernel: martian destination 26ae58f0 from e716450a, dev eth2 [...] Apr 1 15:00:37 linux kernel: Packet log: input DENY eth2 PROTO=6 171.15.231.59:25185 139.24.120.54:52550 L=40 S=0x00 I=42486 F=0x0000 T=64 SYN (#31) Apr 1 15:00:37 linux kernel: Packet log: input DENY eth2 PROTO=6 46.180.199.78:25009 170.227.122.106:64977 L=40 S=0x00 I=35370 F=0x0000 T=64 SYN (#31)
Has anyone an idea what this could be? regards Sven ...sorry for my bad english