Mailinglist Archive: opensuse-security (334 mails)

< Previous Next >
Re: martian source messages [SOLVED]
  • From: Pep Serrano <mylists@xxxxxxxxxxxxxxxxxxxx>
  • Date: Sat, 20 Sep 2003 10:58:16 +0200
  • Message-id: <200309201058.16582.mylists@xxxxxxxxxxxxxxxxxxxx>
Hi friends,

I get an answer from a friend of mine. This weird traffic comes from Blaster.
Check http://www.goonda.org/lists/dragonidsuser/2003-08/msg00095.htm to see
the details.

My error was to monitor traffic on ppp0 and belive that packets from 127.0.0.1
to my ppp0 IP was in the inside to ouside direction... Actually those packets
were comming from outside to inside (from some clever windows guy). The
lesson learn is that you must monitor traffic at least in two points when the
packets are weird: if I had monitored at the same time my interface loopback
(that simple god!) I would have seen there was no real traffic comming out
from my local 127.0.0.1.

Now I ask myself, should'nt my ISP stop routing packets which contain a local
127.0.0.0/32 IP as dest/orig ?

My second question is about how to stop that... Before turning off the martian
logs (which I would like to keep on), I am going to try an iptables rule so I
drop any packets comming to ppp0 from any 127.0.0.0/32. Anybody tried that
already? Will that stop those blaster martian logs? I'll try out and I'll
tell you what happends.

Is hard to escape windows bullshit even for unix users... I propose a separate
"winnet" optimized for their MMS needs!!!

Regards,
Pep Serrano.

< Previous Next >
Follow Ups
References