Mailinglist Archive: opensuse-security (334 mails)

< Previous Next >
Re: [suse-security] martian source messages
  • From: Ray Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
  • Date: 18 Sep 2003 11:37:27 +0200
  • Message-id: <1063877847.9183.24.camel@xxxxxxxxxxxxxxxxx>
On Thu, 2003-09-18 at 10:23, Pep Serrano wrote:
> But is this the real cause of our martian logs?
>
>
> > On Sep 18, Roland Freeman <rolandfreeman@xxxxxxxxx> wrote:
> > > Pep, we have the same problem. My P-t-P router has a private ip address
> > > too. Everything works properly, except the marsians log.
>
> > A private IP address as gateway is not necessarily a problem. ISP's use
> > this to save IP addresses and it is in no way bad for anyone. As long as
> > they are not used in the route back to you, which isn't the case as you
> > stated.
>
>
> Last night I spent some time with ethereal tracking my traffic between the
> loopback and my ppp0. I could see there are some packets from localhost on
> port 80 to random ports of ppp0. This packet repeats abour every minute. I
> closed almost all services, disabled routing, no applications... lsof didn't
> show any process using localhost:80, and yet the werid traffic was still
> there.
>
That would be incoming web requests from machines on the other side of
your modem. Probably someone trying to see if you're running a web
server.

Log the packets and inspect the contents.

>
> Cheers
> Pep Serrano.
--
--
Raymond Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28
--
< Previous Next >
Follow Ups