--- Bryan Phinney <[EMAIL PROTECTED]> wrote: > On Wednesday 03 March 2004 09:37 am, Mike Fehse > wrote: > > > Are you refering to log entries in your Intrudsion > > Detection System (IDS) from your internet/intranet > > connection? > > No, kernel logging of martian source packets which > are packets that are expected to come from a > particular route but are somehow seen or directed to
> an alternate one. In my case, packets bound for > loopback device that somehow get directed to eth0 and > are thus seen as foreign or "martian." > > > If so, then a better place to post this > > information may be the firewall mailing list. > > None the less, I would be interested, as I am a > > member on the IPCops.net forums for the IPCop > > firewall, and any insights or help is much > > apreaciated. > > Are you seeing martian source headers being logged > in syslog on your system? > -- > Bryan Phinney > Software Test Engineer Hi Bryan, I use a firewall called IPCop, that was originaly based on Smoothwall. Both are Linux-based products, using iptables, squid, and snot, with some custom coding thrown in for good messure. IPCop's development team has theire web site at www.ipcop.org, while the un-official user support forum, which I belong to, is located at www.ipcops.net We have about six topics that deal with martians, and it pops up regularly, hence, my interest. Some times it is after a nasty day of mblaster, code_red, and so forth, that some of our users find the little green guys in the IDS logs. Other times, just adding a computer, or a new program, to theire LAN does the same. Since we can't always determind the problem, just adding to the knowldge base is a help. Would you mind if I added your experiance to our FAQ? ===== Mike (a.k.a. AWEV) RLU 347983 __________________________________ Do you Yahoo!? Yahoo! Search - Find what you’re looking for faster http://search.yahoo.com
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
