Network Security Firewalls

Re: kernel: martian source

Subject: Re: kernel: martian source
Date: Wed, 25 May 2005 12:09:19 +0200
Hope this helps
From:
http://www.absoluteastronomy.com/encyclopedia/M/Ma/Martian_packet.htm

" In a computer network, packets with source addresses not routable
by some computer on a network segment are referred to as
martians or "packets from Mars", on the grounds that they are of no
evident "terrestrial" (i.e. normal) source. Martian packets can arise
from network equipment malfunction, misconfiguration of a host, or
simple coexistence of two logical networks on a single physical
layer. For instance, if the IP networks 192.168.34.0/24 and
10.2.3.0/24 operate on the same Ethernet segment, packets from
10.2.3.4 are Martians to the computer at 192.168.34.9, and vice
versa."

--
Mihai Amarandei-Stavila - Xmco Partners
Consultant Sécurité / Test d'intrusion

tel  : 33 1 47 34 68 61
web  : http://www.xmcopartners.com
Villa Gabrielle 75015 PARIS
Pers. Blog  : http://secinternship.blogspot.com




Ben wrote:

Hi

I have messages like the following line in my log file, what can I do about it?

kernel: martian source [server IP] from 68.50.206.106, on dev eth0

This happens after the IP 68.50.206.106 has been dropped by PortSentry.

I have Swatch, PortSentry, Snort and GIPTables running on my CentOS 4.0 server.

I contacted my ISP and they told me that I should be worried. I
googled these keywords but did not find any information that I could
use to fix this.

Should I be worried?

Thanks,
Ben
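
An added example, not part of either message: a Python sketch that extracts `martian source` entries in the log format shown in the post and applies the quoted definition to the two-network case. The sample log lines are constructed apart from the one copied from the post, and `is_martian_on_segment` is a hypothetical helper that models only directly attached networks, not the kernel's full routing check.

```python
import ipaddress
import re
from collections import Counter

# Log format as it appears in the post:
#   kernel: martian source <destination> from <source>, on dev <interface>
MARTIAN_RE = re.compile(
    r"martian source (?P<dst>.+?) from (?P<src>[0-9.]+), on dev (?P<dev>\S+)")

def parse_martians(lines):
    """Yield (source, destination, device) for each martian-source log line.
    The destination stays a string because it may be redacted in shared logs."""
    for line in lines:
        m = MARTIAN_RE.search(line)
        if m:
            yield ipaddress.ip_address(m["src"]), m["dst"], m["dev"]

def is_martian_on_segment(src, local_networks):
    """Simplified model of the quoted definition (an assumption of this example):
    a source is a martian to a host when none of the host's attached networks
    contains it. Gateways and the routing table are deliberately ignored."""
    addr = ipaddress.ip_address(src)
    return not any(addr in ipaddress.ip_network(n) for n in local_networks)

def summarize(lines):
    """Count martian entries per (source, device), most frequent first."""
    counts = Counter((src, dev) for src, _dst, dev in parse_martians(lines))
    return [{"src": str(src), "dev": dev, "count": n,
             "kind": "private" if src.is_private else "public"}
            for (src, dev), n in counts.most_common()]

# Constructed sample input; only the third line is taken from the post.
SAMPLE_LOG = [
    "May 25 11:58:01 host kernel: martian source 192.168.34.9 from 10.2.3.4, on dev eth0",
    "May 25 11:58:02 host kernel: martian source 192.168.34.9 from 10.2.3.4, on dev eth0",
    "kernel: martian source [server IP] from 68.50.206.106, on dev eth0",
    "May 25 11:58:09 host sshd[411]: unrelated line that must be skipped",
]

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
    # The case from the quoted definition: 10.2.3.4 seen by 192.168.34.9.
    print(is_martian_on_segment("10.2.3.4", ["192.168.34.0/24"]))
```
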




