Hi,

I know this subject was brought up first in Jan, then in July again. However, there is nothing in the way of documentation (I think I found about three lapidary lines) to really let one know, as another questioner wanted to, whether this is at all a security issue. Put another way, what is the utility of this obscure kernel function? How are we to use the information so gained?

Twice now I have had kernel messages like the following:

Jul 20 12:20:42 raven kernel: martian source 09da30d0 for ca3fd1d8, dev ppp1
Jul 20 12:20:42 raven kernel: ll header: 45 00 00 28
Jul 20 12:22:42 raven kernel: martian source 09da30d0 for ca3fd1d8, dev ppp1
Jul 20 12:22:42 raven kernel: ll header: 45 00 00 28
Jul 20 12:24:42 raven kernel: martian source 09da30d0 for ca3fd1d8, dev ppp1
Jul 20 12:24:42 raven kernel: ll header: 45 00 00 28
Jul 20 12:26:42 raven kernel: martian source 09da30d0 for ca3fd1d8, dev ppp1
Jul 20 12:26:42 raven kernel: ll header: 45 00 00 28
Jul 20 12:26:55 raven kernel: hdd: hdd4
Jul 20 12:28:42 raven kernel: martian source 09da30d0 for ca3fd1d8, dev ppp1
Jul 20 12:28:42 raven kernel: ll header: 45 00 00 28
Jul 20 12:29:44 raven kernel: hdd: hdd4
Jul 20 12:30:25 raven kernel: hdd: hdd4
Jul 20 12:30:42 raven kernel: martian source 09da30d0 for ca3fd1d8, dev ppp1
Jul 20 12:30:42 raven kernel: ll header: 45 00 00 28
Jul 20 12:32:42 raven kernel: martian source 09da30d0 for ca3fd1d8, dev ppp1
Jul 20 12:32:42 raven kernel: ll header: 45 00 00 28
Jul 20 12:34:42 raven kernel: martian source 09da30d0 for ca3fd1d8, dev ppp1
Jul 20 12:34:42 raven kernel: ll header: 45 00 00 28
Jul 20 12:36:42 raven kernel: martian source 09da30d0 for ca3fd1d8, dev ppp1
Jul 20 12:36:42 raven kernel: ll header: 45 00 00 28

The first time, I put it down to my accidentally having opened two PPPoE connections at the same time. Since I don't know the intricacies of these things, I left it at that.
This time, however, the messages were interspersed with firewall messages (see below, for the brave/generous). Note that again ppp1 is showing as registered in addition to ppp0, though this time I had not started another PPPoE session by mistake. Additionally, when I terminated the PPPoE session (this should stop all of them) and ran a ps waux, I noticed three other PPPoE processes running, though I had not started them. Everything else is normal, at least in the sense that it has never caused trouble before.

Now at the same time you see the firewall logging a bunch of dsl/cable modem user connection attempts (on ports I could not identify). My first intuition is that these are entirely unrelated to the martian messages, but without a true understanding of these things or informative documentation I can't really tell.

This is probably a trivial issue, so sorry for time-wasting. However as it has come up more than once, perhaps someone knowledgeable could provide a little information, for the record, as to how we might evaluate such messages. If there are no such criteria, then I guess I will just disable this logging "feature".
Thanks,
Corvin

Jul 20 12:18:21 raven kernel: IPv6 v0.8 for NET4.0
Jul 20 12:18:21 raven kernel: IPv6 over IPv4 tunneling driver
Jul 20 12:18:42 raven kernel: eth0: no IPv6 routers present
Jul 20 12:18:42 raven kernel: eth0: no IPv6 routers present
Jul 20 12:19:47 raven kernel: pppoe uses obsolete (PF_INET,SOCK_PACKET)
Jul 20 12:19:47 raven kernel: registered device ppp0
Jul 20 12:19:53 raven kernel: PPP BSD Compression module registered
Jul 20 12:19:53 raven kernel: PPP Deflate Compression module registered
Jul 20 12:20:08 raven kernel: eth0: no IPv6 routers present
Jul 20 12:20:08 raven kernel: eth0: no IPv6 routers present
Jul 20 12:20:13 raven kernel: registered device ppp1
Jul 20 12:20:42 raven kernel: martian source 09da30d0 for ca3fd1d8, dev ppp1
Jul 20 12:20:42 raven kernel: ll header: 45 00 00 28
Jul 20 12:22:21 raven kernel: Packet log: input DENY ppp0 PROTO=17 64.217.199.49:3407 216.209.63.6$
Jul 20 12:22:23 raven kernel: Packet log: input DENY ppp0 PROTO=17 64.217.199.49:3407 216.209.63.6$
Jul 20 12:22:25 raven kernel: Packet log: input DENY ppp0 PROTO=17 64.217.199.49:3407 216.209.63.6$
Jul 20 12:22:27 raven kernel: Packet log: input DENY ppp0 PROTO=17 64.217.199.49:3407 216.209.63.6$
Jul 20 12:22:29 raven kernel: Packet log: input DENY ppp0 PROTO=17 64.217.199.49:3407 216.209.63.6$
Jul 20 12:22:42 raven kernel: martian source 09da30d0 for ca3fd1d8, dev ppp1
Jul 20 12:22:42 raven kernel: ll header: 45 00 00 28
Jul 20 12:23:54 raven kernel: Packet log: input DENY ppp0 PROTO=17 64.13.212.96:1045 216.209.63.62$
Jul 20 12:23:56 raven kernel: Packet log: input DENY ppp0 PROTO=17 64.13.212.96:1045 216.209.63.62$
Jul 20 12:24:42 raven kernel: martian source 09da30d0 for ca3fd1d8, dev ppp1
Jul 20 12:24:42 raven kernel: ll header: 45 00 00 28
Jul 20 12:24:49 raven kernel: Packet log: input DENY ppp0 PROTO=17 24.218.40.71:4042 216.209.63.62$
Jul 20 12:24:52 raven kernel: Packet log: input DENY ppp0 PROTO=17 24.218.40.71:4042 216.209.63.62$
Jul 20 12:24:52 raven kernel: Packet log: input DENY ppp0 PROTO=17 24.218.40.71:4042 216.209.63.62$
Jul 20 12:24:54 raven kernel: Packet log: input DENY ppp0 PROTO=17 24.218.40.71:4042 216.209.63.62$
Jul 20 12:24:56 raven kernel: Packet log: input DENY ppp0 PROTO=17 24.218.40.71:4042 216.209.63.62$
Jul 20 12:24:56 raven kernel: Packet log: input DENY ppp0 PROTO=17 24.14.254.254:2329 216.209.63.6$
Jul 20 12:24:58 raven kernel: Packet log: input DENY ppp0 PROTO=17 24.14.254.254:2329 216.209.63.6$
Jul 20 12:24:59 raven kernel: Packet log: input DENY ppp0 PROTO=17 24.14.254.254:2329 216.209.63.6$
Jul 20 12:25:00 raven kernel: Packet log: input DENY ppp0 PROTO=17 24.14.254.254:2329 216.209.63.6$
Jul 20 12:25:02 raven kernel: Packet log: input DENY ppp0 PROTO=17 24.14.254.254:2329 216.209.63.6$
Jul 20 12:25:18 raven kernel: Packet log: input DENY ppp0 PROTO=17 64.188.39.98:3898 216.209.63.62$
Jul 20 12:25:20 raven kernel: Packet log: input DENY ppp0 PROTO=17 64.188.39.98:3898 216.209.63.62$
Jul 20 12:25:22 raven kernel: Packet log: input DENY ppp0 PROTO=17 64.188.39.98:3898 216.209.63.62$
Jul 20 12:25:24 raven kernel: Packet log: input DENY ppp0 PROTO=17 64.188.39.98:3898 216.209.63.62$
Jul 20 12:25:25 raven kernel: Packet log: input DENY ppp0 PROTO=17 64.217.199.49:4638 216.209.63.6$
Jul 20 12:25:25 raven kernel: Packet log: input DENY ppp0 PROTO=17 64.188.39.98:3898 216.209.63.62$
Jul 20 12:25:28 raven kernel: Packet log: input DENY ppp0 PROTO=17 63.201.90.0:4682 216.209.63.62:$
Jul 20 12:25:28 raven kernel: Packet log: input DENY ppp0 PROTO=17 63.201.90.0:4682 216.209.63.62:$
Jul 20 12:25:28 raven kernel: Packet log: input DENY ppp0 PROTO=17 63.201.90.0:4682 216.209.63.62:$
Jul 20 12:26:42 raven kernel: martian source 09da30d0 for ca3fd1d8, dev ppp1
Jul 20 12:26:42 raven kernel: ll header: 45 00 00 28
Jul 20 12:26:55 raven kernel: hdd: 98304kB, 196608 blocks, 512 sector size
Jul 20 12:26:55 raven kernel: VFS: Disk change detected on device ide1(22,68)
Jul 20 12:26:55 raven kernel: hdd: hdd4
Jul 20 12:28:42 raven kernel: martian source 09da30d0 for ca3fd1d8, dev ppp1
Jul 20 12:28:42 raven kernel: ll header: 45 00 00 28
Jul 20 12:29:42 raven kernel: Packet log: input DENY ppp0 PROTO=17 24.1.233.183:2874 216.209.63.62$
Jul 20 12:29:44 raven kernel: Packet log: input DENY ppp0 PROTO=17 24.1.233.183:2874 216.209.63.62$
Jul 20 12:29:44 raven kernel: VFS: Disk change detected on device ide1(22,68)
Jul 20 12:29:44 raven kernel: hdd: hdd4
Jul 20 12:29:46 raven kernel: Packet log: input DENY ppp0 PROTO=17 24.1.233.183:2874 216.209.63.62$
Jul 20 12:29:48 raven kernel: Packet log: input DENY ppp0 PROTO=17 24.1.233.183:2874 216.209.63.62$
Jul 20 12:29:50 raven kernel: Packet log: input DENY ppp0 PROTO=17 24.1.233.183:2874 216.209.63.62$
Jul 20 12:29:58 raven kernel: Packet log: input DENY ppp0 PROTO=17 24.12.158.209:3857 216.209.63.6$
Jul 20 12:30:00 raven kernel: Packet log: input DENY ppp0 PROTO=17 24.12.158.209:3857 216.209.63.6$
Jul 20 12:30:02 raven kernel: Packet log: input DENY ppp0 PROTO=17 24.12.158.209:3857 216.209.63.6$
Jul 20 12:30:04 raven kernel: Packet log: input DENY ppp0 PROTO=17 24.12.158.209:3857 216.209.63.6$
Jul 20 12:30:06 raven kernel: Packet log: input DENY ppp0 PROTO=17 24.12.158.209:3857 216.209.63.6$
Jul 20 12:30:25 raven kernel: VFS: Disk change detected on device ide1(22,68)
Jul 20 12:30:25 raven kernel: hdd: hdd4
Jul 20 12:30:42 raven kernel: martian source 09da30d0 for ca3fd1d8, dev ppp1
Jul 20 12:30:42 raven kernel: ll header: 45 00 00 28
Jul 20 12:32:42 raven kernel: martian source 09da30d0 for ca3fd1d8, dev ppp1
Jul 20 12:32:42 raven kernel: ll header: 45 00 00 28
Jul 20 12:33:19 raven kernel: Packet log: input DENY ppp0 PROTO=17 24.19.92.38:1214 216.209.63.62:$
Jul 20 12:33:21 raven kernel: Packet log: input DENY ppp0 PROTO=17 24.19.92.38:1214 216.209.63.62:$
Jul 20 12:33:23 raven kernel: Packet log: input DENY ppp0 PROTO=17 24.19.92.38:1214 216.209.63.62:$
Jul 20 12:33:25 raven kernel: Packet log: input DENY ppp0 PROTO=17 24.19.92.38:1214 216.209.63.62:$
Jul 20 12:33:27 raven kernel: Packet log: input DENY ppp0 PROTO=17 24.19.92.38:1214 216.209.63.62:$
Jul 20 12:33:53 raven kernel: Packet log: input DENY ppp0 PROTO=17 164.113.56.203:2642 216.209.63.$
Jul 20 12:34:42 raven kernel: martian source 09da30d0 for ca3fd1d8, dev ppp1
Jul 20 12:34:42 raven kernel: ll header: 45 00 00 28
Jul 20 12:36:42 raven kernel: martian source 09da30d0 for ca3fd1d8, dev ppp1
Jul 20 12:36:42 raven kernel: ll header: 45 00 00 28

--
Corvin Russell <corvinr@sympatico.ca>
On Thu, 20 Jul 2000, Corvin Russell wrote:
Jul 20 12:20:42 raven kernel: martian source 09da30d0 for ca3fd1d8, dev ppp1
Just a first hint: By scanning the kernel 2.2.5 source tree I found the source of the log message above in net/ipv4/route.c
    martian_source:
    #ifdef CONFIG_IP_ROUTE_VERBOSE
        if (IN_DEV_LOG_MARTIANS(in_dev) && net_ratelimit()) {
            /*
             * RFC1812 recommendation, if source is martian,
             * the only hint is MAC header.
             */
            printk(KERN_WARNING "martian source %08x for %08x, dev %s\n",
                   saddr, daddr, dev->name);
            if (dev->hard_header_len) {
                int i;
                unsigned char *p = skb->mac.raw;
                printk(KERN_WARNING "ll header:");
                for (i=0; i<dev->hard_header_len; i++, p++)
                    printk(" %02x", *p);
                printk("\n");
            }
        }
    #endif
Maybe you would like to have a look at RFC1812.

And from Documentation/proc.txt about the entries in subdirectories of /proc/sys/net/ipv4/conf:
    log_martians
        Log packets with source addresses with no known route to kernel log.
And from Documentation/Configure.help
    CONFIG_IP_ROUTE_VERBOSE
        If you say Y here, which is recommended, then the kernel will print verbose messages regarding the routing, for example warnings about received packets which look strange and could be evidence of an attack or a misconfigured system somewhere. The information is handled by the klogd daemon which is responsible for kernel messages ("man klogd").
And "warnings about received packets which look strange and could be evidence of an attack" looks like a security issue, while "or a misconfigured system somewhere" is not.

Cheers,
Thomas

|--------------------------------------------------------------------------|
| Thomas Forbriger  email: Thomas.Forbriger@geophys.uni-stuttgart.de |
| Universitaet Stuttgart - Institut fuer Geophysik |
| Richard-Wagner-Str. 44 D-70184 Stuttgart Germany |
| Tel ++49 (711) 121-3593 or 3422 or 3424 or 3590 | Fax ++49 (711) 2361218 |
| http://www.geophys.uni-stuttgart.de/thof |
| "... there's nothing more bizarre than reality..." (M. Kindermann) |
Hi Thomas,

Thanks very much for your help. I will carefully follow up on, and digest, your pointers. If I can later offer a summary, I will.

Best,
Corvin

--
Corvin Russell <corvinr@sympatico.ca>
The only other clue, as I see now, is that the messages come at exactly 2-minute intervals. I have fetchmail running as a background process polling every 2 minutes. So this makes some sense of that.

--
Corvin Russell <corvinr@sympatico.ca>
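An added example, not part of the thread or the kernel source: a small parser for the `martian source` / `ll header` pair printed by the code Thomas quotes, which also measures the gap between messages that Corvin noticed. It assumes the logging host is little-endian (x86) and that the `ll header` bytes on a PPP device are the start of the IPv4 header; `decode_addr`, `parse` and `intervals` are names made up here.

```python
import re
import socket
from datetime import datetime

# Sample input: the first four lines of the log quoted in the thread.
SAMPLE_LOG = """\
Jul 20 12:20:42 raven kernel: martian source 09da30d0 for ca3fd1d8, dev ppp1
Jul 20 12:20:42 raven kernel: ll header: 45 00 00 28
Jul 20 12:22:42 raven kernel: martian source 09da30d0 for ca3fd1d8, dev ppp1
Jul 20 12:22:42 raven kernel: ll header: 45 00 00 28
"""
MARTIAN = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ kernel: martian source "
                     r"([0-9a-f]{8}) for ([0-9a-f]{8}), dev (\S+)$")
LLHDR = re.compile(r"kernel: ll header:((?: [0-9a-f]{2})+)\s*$")

def decode_addr(hex_word, host_order="little"):
    # printk("%08x") prints the address as a host integer, but the field holds
    # network-order bytes; on a little-endian host (assumed here, e.g. x86)
    # the printed digits are therefore byte-reversed.
    return socket.inet_ntoa(int(hex_word, 16).to_bytes(4, host_order))

def parse(log_text, year=2000, host_order="little"):
    # syslog lines carry no year; 2000 is taken from the thread's date header.
    events = []
    for line in log_text.splitlines():
        m = MARTIAN.match(line.strip())
        if m:
            stamp = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append({"time": stamp, "dev": m.group(4), "ip_header": None,
                           "src": decode_addr(m.group(2), host_order),
                           "dst": decode_addr(m.group(3), host_order)})
            continue
        h = LLHDR.search(line)
        if h and events:
            b = bytes.fromhex(h.group(1).replace(" ", ""))
            # Assumption: on a PPP device these are the first IPv4 header bytes.
            if len(b) >= 4 and b[0] >> 4 == 4:
                events[-1]["ip_header"] = {"ihl_bytes": (b[0] & 0x0F) * 4,
                                           "total_len": int.from_bytes(b[2:4], "big")}
    return events

def intervals(events):
    # Distinct gaps in seconds between consecutive martian messages.
    times = [e["time"] for e in events]
    return sorted({int((b - a).total_seconds()) for a, b in zip(times, times[1:])})

if __name__ == "__main__":
    print(parse(SAMPLE_LOG), intervals(parse(SAMPLE_LOG)))
```

Under the little-endian reading the logged pair decodes to source 208.48.218.9 and destination 216.209.63.202, the latter in the same 216.209.63.x range as the destinations in the firewall entries. The header bytes read as a 20-byte IPv4 header with a total length of 40.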
Hi Corvin,

For "martian source" partial reference jump to the following, it is illuminant!! =:`)

"[SLE] martian source in dev eth0" from Carlos Illana (cillana@teleline.es)
http://lists.suse.com/archives/suse-linux-e/2000-Jul/0221.html

and related Eilert Brinkmann's (eilert@Informatik.Uni-Bremen.DE) reply:
http://lists.suse.com/archives/suse-linux-e/2000-Jul/0282.html

HTH

Best regards,
Eduardo Carriles
[-- Better a smile than a flame --]
(Long time SuSE-Linux [preferred distro] user).
[-- Se me nota mucho? -- Notices me much?]
[-- Have a lot of fun...]

---- Corvin Russell wrote:
Hi,
I know this subject was brought up first in Jan, then in July again. However, there is nothing in the way of documentation (I think I found about three lapidary lines) to really let one know, as another questioner wanted to, whether this is at all a security issue. Put another way, what is the utility of this obscure kernel function? How are we to use the information so gained?
Twice now I have had kernel messages like the following:
Jul 20 12:20:42 raven kernel: martian source 09da30d0 for ca3fd1d8, dev ppp1
Jul 20 12:20:42 raven kernel: ll header: 45 00 00 28
Jul 20 12:22:42 raven kernel: martian source 09da30d0 for ca3fd1d8, dev ppp1
Jul 20 12:22:42 raven kernel: ll header: 45 00 00 28
Jul 20 12:24:42 raven kernel: martian source 09da30d0 for ca3fd1d8, dev ppp1
Jul 20 12:24:42 raven kernel: ll header: 45 00 00 28
[snip...]
This is probably a trivial issue,
Not so trivial, though!! =:`)
so sorry for time-wasting. However as it has come up more than once, perhaps someone knowledgeable could provide a little information, for the record, as to how we might evaluate such messages. If there are no such criteria, then I guess I will just disable this logging "feature".
Better follow the previous links first. =8`)
Thanks,
Don't need to...
Corvin
[snip...] -- Corvin Russell <corvinr@sympatico.ca>