On Sunday 06 May 2012 21:12:14, imnotpc wrote:
> On 05/06/2012 02:49 PM, Doug Lytle wrote:
> > imnotpc wrote:
> >> but wireless device access is more lenient.
> >
> > My thoughts would be someone connecting via the wireless with another
> > interface connected as well. We have users that don't understand that
> > they don't need to do both wireless and wired. Sometimes we see
> > wireless, wired and vpn.
> >
> > Just a guess.
> >
> > Doug
>
> The problem with that is that the firewall rules on these boxes
> immediately log and drop any packet that doesn't come from the subnet
> assigned to that interface. I'm not an expert on iptables, but I believe
> that anything coming in on those interfaces would hit iptables and be
> dropped before the kernel log. Even if the kernel saw them first, I
> should still see corresponding iptables log entries. The router boxes
> don't have any wireless cards, so they aren't generating these entries
> that way. I don't know how a wireless host connecting to a wireless
> router, which has a wired LAN IP on the LAN-facing interface and uses DHCP
> for the wireless interface, is able to propagate a different IP address
> all the way to the firewall without being translated or dropped. Very
> curious.
>
> Jeff
Martians are http://en.wikipedia.org/wiki/Martian_packet . By default, kernels drop these; you can tune these things in /proc somewhere, thus also with sysctl. There may also be a setting about not logging them; best you read up on it, if you're interested.
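As an added illustration of the two points in this reply (the kernel drops martians before netfilter sees them, and logging of them is a separate tunable), the following POSIX shell script is example code written for this page, not something posted in the thread. It summarises "martian source" lines from kernel log text by interface and by claimed source, so an administrator can see which interface the traffic arrives on and which addresses are being claimed, and it reads the current `net.ipv4.conf.all.log_martians` value from /proc. The log lines are constructed samples shaped like the kernel's real message format; the sysctl keys (`log_martians`, `rp_filter`) are real Linux tunables, shown in comments rather than applied because changing them requires root.

```shell
#!/bin/sh
# Added example (not from the thread): summarise kernel "martian source"
# messages and show the sysctl knobs that control whether they are logged.

# Constructed sample log lines, shaped like the kernel's
# "IPv4: martian source <claimed> from <sender>, on dev <if>" message.
SAMPLE_LOG='May  6 21:10:01 router kernel: [12345.678] IPv4: martian source 10.0.0.5 from 192.168.1.7, on dev eth1
May  6 21:10:02 router kernel: [12346.001] ll header: 00000000: ff ff ff ff ff ff 00 11 22 33 44 55 08 00
May  6 21:10:05 router kernel: [12349.222] IPv4: martian source 10.0.0.5 from 172.16.0.9, on dev eth1
May  6 21:10:09 router kernel: [12353.444] IPv4: martian source 192.168.1.1 from 10.10.10.10, on dev wlan0
May  6 21:10:12 router kernel: [12356.000] eth0: link up'

# count_martians: number of "martian source" lines read from stdin.
count_martians() {
    grep -c 'martian source'
}

# martians_by_dev: print "<interface> <count>" per interface, sorted by
# interface name; tells you which link the bogus-source traffic enters on.
martians_by_dev() {
    grep 'martian source' \
        | sed -n 's/.*on dev \([^ ,]*\).*/\1/p' \
        | sort | uniq -c \
        | awk '{print $2, $1}'
}

# martian_sources: distinct "<claimed source> <real sender>" pairs, which
# is usually enough to spot a misconfigured host or overlapping subnet.
martian_sources() {
    grep 'martian source' \
        | sed -n 's/.*martian source \([^ ]*\) from \([^,]*\),.*/\1 \2/p' \
        | sort -u
}

# log_martians_setting: current global value, or "n/a" when /proc/sys is
# not readable (for example inside a restricted container).
log_martians_setting() {
    f=/proc/sys/net/ipv4/conf/all/log_martians
    if [ -r "$f" ]; then cat "$f"; else echo n/a; fi
}

# The tunables themselves (shown, not applied; changing them needs root):
#   sysctl -w net.ipv4.conf.all.log_martians=1       # log martians on all interfaces
#   sysctl -w net.ipv4.conf.default.log_martians=1   # and on interfaces added later
#   sysctl -w net.ipv4.conf.all.rp_filter=1          # strict reverse-path check
# Setting log_martians=0 silences the messages without changing the drop.

echo "log_martians (all): $(log_martians_setting)"
printf '%s\n' "$SAMPLE_LOG" | martians_by_dev
printf '%s\n' "$SAMPLE_LOG" | martian_sources
```

Run it against a real log with `journalctl -k | martians_by_dev` or `dmesg | martian_sources` after sourcing the file; because the check happens in the routing code (reverse-path validation), these packets never reach the iptables INPUT chain, which is why the kernel log shows them while the firewall log does not.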
