The 03.10.04 at 14:48, del-SLE wrote:
It is not a worm or virus! It's something to do with firewalling and localhost, I looked into this a couple of years ago. I've not used the Linux firewall tools for a long time, all hardware walls here now. Google has more info and, I think, that Suse has some on its own help dbase.
And first hit on google "martian source" <URL:http://cert.uni-stuttgart.de/archive/focus-linux/2003/05/ msg00001.html>
That links confirms exactly what I said. Regardless of what firewall you install, the fact is that a packet coming from internet, with an address 127.0.0.1 can not be, the address is faked, spoofed, and the ISP should not route it. (the hardware firewall will probably simply not report it) And the strange thing is that several people are noticing them recently: I have none listed for a whole year, they started this last September. Why? That's why I'm guessing at a virus or worm or exploit of some sort using those packets. -- Cheers, Carlos Robinson