On Thu, Oct 24, 2002 at 07:48:58AM +0200, Grosswiler Roger wrote:
ll header: ff:ff:ff:ff:ff:ff:00:09:7b:8d:08:54:08:00 ^^^^^^^^^^^^^^^^^
This does not really seem to be a MAC address..
What makes you think so? The kernel logs the low-level header, which, in this case, is an Ethernet header. An Ethernet header looks like this:

    6 bytes of destination MAC. A MAC of all ones is the Ethernet broadcast address.
    6 bytes of source MAC. 00:09:7b:8d:08:54 in this case
    2 bytes of either packet length for LLC and all that garbage, or a packet type. 0x800 is the packet type for IP.

All you need to do is find the host on your networks that has an Ethernet card with said MAC address.

One possible explanation for this case of Martians may be that you have a machine with two network cards connected to the same physical network; either by design or accident. Which would explain why the kernel printk is only triggered by broadcasts.

My guess is that this is more of a misconfiguration issue than a security related problem.
I found another link...how about this one?
Which one? :)

Olaf
--
Olaf Kirch     |  Anyone who has had to work with X.509 has probably
okir@suse.de   |  experienced what can best be described as
---------------+  ISO water torture. -- Peter Gutmann
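
Added example, not part of the original mail: a small Python decoder for the "ll header" line discussed above. It splits the 14 logged bytes into destination MAC, source MAC and type/length, then checks whether the source MAC belongs to one of the host's own interfaces (the two-cards-on-one-network case). The "martian source" line, the IP addresses and the interface inventory are constructed for illustration; only the header bytes come from the mail.

```python
import re

# Constructed sample: only the "ll header" bytes come from the mail above; the
# "martian source" line, addresses and interface names are made up.
SAMPLE_LOG = """\
kernel: martian source 192.0.2.255 from 192.0.2.10, on dev eth1
kernel: ll header: ff:ff:ff:ff:ff:ff:00:09:7b:8d:08:54:08:00
"""
# Constructed inventory of this host's own NICs (e.g. copied from `ip link`).
LOCAL_MACS = {"eth0": "00:09:7b:8d:08:54", "eth1": "00:09:7b:8d:08:55"}

LL_RE = re.compile(r"ll header:\s*((?:[0-9a-fA-F]{2}:){13}[0-9a-fA-F]{2})")

def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def decode_ll_header(line):
    """Decode a 14-byte Ethernet header logged as 'll header: xx:xx:...'."""
    m = LL_RE.search(line)
    if not m:
        return None
    raw = bytes.fromhex(m.group(1).replace(":", ""))
    dst, src, tl = raw[0:6], raw[6:12], int.from_bytes(raw[12:14], "big")
    # Values >= 0x0600 are an EtherType; values <= 1500 are an 802.3 length.
    kind = "ethertype" if tl >= 0x0600 else "802.3 length" if tl <= 1500 else "undefined"
    return {
        "dst": fmt_mac(dst),
        "src": fmt_mac(src),
        "dst_broadcast": dst == b"\xff" * 6,
        "dst_multicast": bool(dst[0] & 1),  # group bit; broadcast sets it too
        "type_or_len": tl,
        "kind": kind,
        "is_ipv4": tl == 0x0800,
    }

def local_owner(header, local_macs):
    """Return the local interface that owns the source MAC, or None."""
    return next((n for n, mac in local_macs.items() if mac.lower() == header["src"]), None)

def analyse(log, local_macs):
    """Pair every decoded header in the log with its local owner, if any."""
    headers = (decode_ll_header(line) for line in log.splitlines())
    return [(h, local_owner(h, local_macs)) for h in headers if h]

if __name__ == "__main__":
    for hdr, owner in analyse(SAMPLE_LOG, LOCAL_MACS):
        print(hdr, "-> sent by local interface:", owner)
```

A non-None owner means the frame was sent by another interface of the same machine; None means the sender has to be located elsewhere on the segment.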