New subject: [SLE] Martian Source Help

9 Jan 2004

      I looked in the archives, but the previous posts on this topic didn't
say for sure whether these log entries are benign (or not).

Anyone care to hazard a guess at the interpretation of the following
entries?

Note that the machine generating these messages has a fixed private IP
address of 192.168.15.225, runs Samba server and connects to the
Internet (via wireless) through a SonicWall Tele3 appliance (if all of
that info is helpful).

Thanks!

Jan  8 20:33:13 outside kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=wlan0 OUT=
MAC= SRC=192.168.15.225 DST=192.168.15.255 LEN=259 TOS=0x00 PREC=0x00
TTL=64 ID=6763 DF PROTO=UDP SPT=138 DPT=138 LEN=239 
Jan  8 20:33:13 outside kernel: martian source 192.168.15.255 from
192.168.15.225, on dev wlan0
Jan  8 20:33:13 outside kernel: ll header:
ff:ff:ff:ff:ff:ff:00:80:c8:16:38:4a:08:00
Jan  8 20:33:13 outside kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=wlan0 OUT=
MAC= SRC=192.168.15.225 DST=192.168.15.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=6764 DF PROTO=UDP SPT=137 DPT=137 LEN=76 
Jan  8 20:33:13 outside kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=wlan0 OUT=
MAC= SRC=192.168.15.225 DST=192.168.15.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=6765 DF PROTO=UDP SPT=137 DPT=137 LEN=76 
Jan  8 20:33:13 outside kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=wlan0 OUT=
MAC= SRC=192.168.15.225 DST=192.168.15.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=6766 DF PROTO=UDP SPT=137 DPT=137 LEN=76 
Jan  8 20:33:13 outside kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=wlan0 OUT=
MAC= SRC=192.168.15.225 DST=192.168.15.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=6767 DF PROTO=UDP SPT=137 DPT=137 LEN=76 
Jan  8 20:33:13 outside kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=wlan0 OUT=
MAC= SRC=192.168.15.225 DST=192.168.15.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=6768 DF PROTO=UDP SPT=137 DPT=137 LEN=76 
Jan  8 20:33:13 outside kernel: martian source 192.168.15.255 from
192.168.15.225, on dev wlan0
Jan  8 20:33:13 outside kernel: ll header:
ff:ff:ff:ff:ff:ff:00:80:c8:16:38:4a:08:00
Jan  8 20:33:13 outside kernel: martian source 192.168.15.255 from
192.168.15.225, on dev wlan0
Jan  8 20:33:13 outside kernel: ll header:
ff:ff:ff:ff:ff:ff:00:80:c8:16:38:4a:08:00
Jan  8 20:33:13 outside kernel: martian source 192.168.15.255 from
192.168.15.225, on dev wlan0
Jan  8 20:33:13 outside kernel: ll header:
ff:ff:ff:ff:ff:ff:00:80:c8:16:38:4a:08:00
Jan  8 20:33:13 outside kernel: martian source 192.168.15.255 from
192.168.15.225, on dev wlan0
Jan  8 20:33:13 outside kernel: ll header:
ff:ff:ff:ff:ff:ff:00:80:c8:16:38:4a:08:00
Jan  8 20:33:13 outside kernel: martian source 192.168.15.255 from
192.168.15.225, on dev wlan0
Jan  8 20:33:13 outside kernel: ll header:
ff:ff:ff:ff:ff:ff:00:80:c8:16:38:4a:08:00
Jan  8 20:33:14 outside kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=wlan0 OUT=
MAC= SRC=192.168.15.225 DST=192.168.15.255 LEN=259 TOS=0x00 PREC=0x00
TTL=64 ID=6769 DF PROTO=UDP SPT=138 DPT=138 LEN=239 
Jan  8 20:33:15 outside kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=wlan0 OUT=
MAC= SRC=192.168.15.225 DST=192.168.15.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=6770 DF PROTO=UDP SPT=137 DPT=137 LEN=76 
Jan  8 20:33:15 outside kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=wlan0 OUT=
MAC= SRC=192.168.15.225 DST=192.168.15.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=6771 DF PROTO=UDP SPT=137 DPT=137 LEN=76 
Jan  8 20:33:15 outside kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=wlan0 OUT=
MAC= SRC=192.168.15.225 DST=192.168.15.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=6772 DF PROTO=UDP SPT=137 DPT=137 LEN=76 
Jan  8 20:33:15 outside kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=wlan0 OUT=
MAC= SRC=192.168.15.225 DST=192.168.15.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=6773 DF PROTO=UDP SPT=137 DPT=137 LEN=76 
Jan  8 20:33:15 outside kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=wlan0 OUT=
MAC= SRC=192.168.15.225 DST=192.168.15.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=6774 DF PROTO=UDP SPT=137 DPT=137 LEN=76 
Jan  8 20:33:15 outside kernel: martian source 192.168.15.255 from
192.168.15.225, on dev wlan0
Jan  8 20:33:15 outside kernel: ll header:
ff:ff:ff:ff:ff:ff:00:80:c8:16:38:4a:08:00
Jan  8 20:33:15 outside kernel: martian source 192.168.15.255 from
192.168.15.225, on dev wlan0
Jan  8 20:33:15 outside kernel: ll header:
ff:ff:ff:ff:ff:ff:00:80:c8:16:38:4a:08:00
Jan  8 20:33:15 outside kernel: martian source 192.168.15.255 from
192.168.15.225, on dev wlan0
Jan  8 20:33:15 outside kernel: ll header:
ff:ff:ff:ff:ff:ff:00:80:c8:16:38:4a:08:00
Jan  8 20:33:15 outside kernel: martian source 192.168.15.255 from
192.168.15.225, on dev wlan0
Jan  8 20:33:15 outside kernel: ll header:
ff:ff:ff:ff:ff:ff:00:80:c8:16:38:4a:08:00
Jan  8 20:33:16 outside kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=wlan0 OUT=
MAC= SRC=192.168.15.225 DST=192.168.15.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=6775 DF PROTO=UDP SPT=137 DPT=137 LEN=76 
Jan  8 20:33:16 outside kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=wlan0 OUT=
MAC= SRC=192.168.15.225 DST=192.168.15.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=6776 DF PROTO=UDP SPT=137 DPT=137 LEN=76 
Jan  8 20:33:16 outside kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=wlan0 OUT=
MAC= SRC=192.168.15.225 DST=192.168.15.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=6777 DF PROTO=UDP SPT=137 DPT=137 LEN=76 
Jan  8 20:33:16 outside kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=wlan0 OUT=
MAC= SRC=192.168.15.225 DST=192.168.15.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=6778 DF PROTO=UDP SPT=137 DPT=137 LEN=76 
Jan  8 20:33:16 outside kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=wlan0 OUT=
MAC= SRC=192.168.15.225 DST=192.168.15.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=6779 DF PROTO=UDP SPT=137 DPT=137 LEN=76 
Jan  8 20:33:17 outside kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=wlan0 OUT=
MAC= SRC=192.168.15.225 DST=192.168.15.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=6780 DF PROTO=UDP SPT=137 DPT=137 LEN=76 
Jan  8 20:33:17 outside kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=wlan0 OUT=
MAC= SRC=192.168.15.225 DST=192.168.15.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=6781 DF PROTO=UDP SPT=137 DPT=137 LEN=76 
Jan  8 20:33:17 outside kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=wlan0 OUT=
MAC= SRC=192.168.15.225 DST=192.168.15.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=6782 DF PROTO=UDP SPT=137 DPT=137 LEN=76 
Jan  8 20:33:17 outside kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=wlan0 OUT=
MAC= SRC=192.168.15.225 DST=192.168.15.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=6783 DF PROTO=UDP SPT=137 DPT=137 LEN=76 
Jan  8 20:33:17 outside kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=wlan0 OUT=
MAC= SRC=192.168.15.225 DST=192.168.15.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=6784 DF PROTO=UDP SPT=137 DPT=137 LEN=76 

-- 
______________________________________________________________
L. Mark Stone
President
Reliable Networks of Maine, LLC
477 Congress Street, 5th Floor
Portland, ME 04107

Tel: (207) 772-5678
Cell: (917) 597-2057
Email: LMStone@RNoME.com
Web: http://www.RNoME.com

Martian Source Help

L. Mark Stone

Carlos E. R.

L. Mark Stone

Carlos E. R.

L. Mark Stone

Dylan

tags

participants (3)