Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [suse-security] martian source messages
From: Thomas Schweiger (El_Donschweigisito.de)
Date: Wed Sep 17 2003 - 13:29:35 CDT
On Wed, 17 Sep 2003, Pep Serrano wrote:
> Hi all
> I am getting the following martian kernel messages since I changed my ISP:
> martian source 220.127.116.11 from 127.0.0.1, on dev ppp0
> ll header: 45:08:00:28:da:b8:00:00:7d:06:b5:27:7f:00:00:01:51:38:dd:ae:00:50
> Now here is the configuration of my box:
> I have an ADSL/Ethernet modem on ppp0:
> ppp0 Link encap:Point-to-Point Protocol
> inet addr:18.104.22.168 P-t-P:192.168.254.254
This looks strange. The P-t-P should be an IP of your ISP (your next
hop to the internet).
If you're using rp-pppoe there is a switch "DEFAULTROUTE=" in your
/etc/ppp/pppoe.conf. It have to be like this
<!-- snip # /etc/ppp/pppoe.conf -->
# Make the PPPoE connection your default route. Set to
# DEFAULTROUTE=no if you don't want this.
<!-- snap -->
If your're using smpppd change it against the rp-ppppoe. (I hate smpppd)
> FW_DEV_EXT="ppp0 eth0"
This is not an external device.
> FW_DEV_INT="lo eth1"
I think that's not allowed.
> I don't see where I am getting these "martian packets" from. I need some
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here