Ray Leach schrieb, On 01.04.2004 16:06:

On Thu, 2004-04-01 at 16:03, Sven Geipel wrote:

...

Hi,

today I had some strange log entries in my messages log:

[...]

...

...

Apr 1 15:00:27 linux kernel: Packet log: input DENY eth2 PROTO=6 91.168.63.123:51480 133.90.24.101:45686 L=40 S=0x00 I=53509 F=0x0000 T=64 SYN (#31) Apr 1 15:00:27 linux kernel: Packet log: input DENY eth2 PROTO=6 244.236.235.124:24475 140.202.207.61:13436 L=40 S=0x00 I=48522 F=0x0000 T=64 SYN (#31) Apr 1 15:00:27 linux kernel: Packet log: input DENY eth2 PROTO=6 104.161.59.77:33401 244.220.3.89:34119 L=40 S=0x00 I=28291 F=0x0000 T=64 SYN (#31) Apr 1 15:00:27 linux kernel: Packet log: input DENY eth2 PROTO=6 137.200.120.2:48503 5.116.24.73:14488 L=40 S=0x00 I=30175 F=0x0000 T=64 SYN (#31) Apr 1 15:00:27 linux kernel: Packet log: input DENY eth2 PROTO=6 189.114.54.9:42854 158.176.187.65:36878 L=40 S=0x00 I=36252 F=0x0000 T=64 SYN (#31) [...] Apr 1 15:00:28 linux kernel: Packet log: input DENY eth2 PROTO=6 xx.xx.xx.xx:10195 32.223.34.115:15138 L=40 S=0x00 I=8296 F=0x0000 T=30 (#31) [...] Apr 1 15:00:31 linux kernel: martian destination 26ae58f0 from e716450a, dev eth2 [...] Apr 1 15:00:37 linux kernel: Packet log: input DENY eth2 PROTO=6 171.15.231.59:25185 139.24.120.54:52550 L=40 S=0x00 I=42486 F=0x0000 T=64 SYN (#31) Apr 1 15:00:37 linux kernel: Packet log: input DENY eth2 PROTO=6 46.180.199.78:25009 170.227.122.106:64977 L=40 S=0x00 I=35370 F=0x0000 T=64 SYN (#31)

Has anyone an idea what this could be?

Yes, do a search on the web for 'martian destination' ...

Thanks, but this I made first of course. I know now what martian destination means, but how can I find out why and by what (machine) this packets are generated. And which role plays my extendnet print box xx.xx.xx.xx in this game? Why does it try to come to a AT&T address? best regards Sven

Daniel Lord schrieb, On 01.04.2004 16:53:

Hi Sven,

On Thu, Apr 01, 2004 at 04:23:39PM +0200, Sven Geipel wrote:

...

Thanks, but this I made first of course. I know now what martian destination means, but how can I find out why and by what (machine) this packets are generated. And which role plays my extendnet print box xx.xx.xx.xx in this game? Why does it try to come to a AT&T address?

Just have a look with tcpdump. HP Printers tend to phone home :( printerstatus, usage ... Also some have a network time client. Have a look at the traffic. This should make it clear whats going on.

Greetings Daniel

I had done a tcpdump, if I had a change. But these was the first time I saw these packets and only for these 10 seconds. No more packets before or after. So dump is really hard. And I also dont't know how to reproduce it. So I think the only thing I can do is to wait till it happens again... thanks and best regards Sven