I have some questions regarding the "martian source" iptables messages. I'm getting a lot of messages like this: Dec 7 20:17:44 nx02 kernel: martian source 212.112.233.242 from 127.0.0.1, on dev eth0 Dec 7 20:17:44 nx02 kernel: ll header: 00:01:80:35:86:44:00:02:7e:b0:6f:fc:08:00 in the IP tables log 00:02:7e:b0:6f:fc seems to be the offending remote network card, grepping for that in the log reveals hundreds of different IP no.s sending packets to port 135 (where else ;-) I wonder if the IP no is faked or the MAC? Probability would have it that the IP no.s are faked, I think and it's always the same host? How to find out where that card is? On the other hand it could also be a widespread virus which sends the packets with alway the same faked MAC address. I googled for that address, but it's not mentioned anywhere. That "martian source" warning happens *much* less than those many connects from this MAC address, so I assume there might actually be no connection between the two things. What could be the cause for this? It happens only for two IPs which were added later to the machine and are not from the same subnet. There are actually IP no.s from three subnets on that machine. They seem to work just fine, though. Kai -- Kai Schätzl, Berlin, Germany