On Thursday 04 March 2004 08:28 pm, Terence Golightly wrote:

> I get the kernel martian messages but they seem to be emanating from my
> ISP or another source. I'll post the messages below:
>
> kernel                martian source 151.201.29.xxx from 151.201.29.1 on dev eth0

The first IP is the supposed target of the packets, the second is the supposed 
source.

> kernel                ll header:ff:ff:ff:ff:ff:ff:00:08:e3:b9:45:08:06  **Could this
> be my MAC address

That is supposed to be the MAC address of the source.  You might be able to 
use this address to track down the origination of the martian packets.

> 10.0.0.10 is designated in my hosts file as my machine name.
>
> I'm green when it comes to this security stuff. What is the 'quick' way
> to stop these messages and I'll look at the shorewall site unless you
> know of a better source on learning how to set this up better.

Before you turn off logging of these kinds of messages, you need to be VERY 
sure that you trust your firewall to be actively blocking and adequately 
filtering packets.  That is because these types of messages may indicate that 
someone is spoofing packets while trying to break into your system.

If you are pretty sure that the packets are being sourced from internal 
machines and just showing up on the wrong interface, only then consider 
turning off logging.

Figure out what the 151.201.x.x IP is and if it is in your control before you 
consider turning logging of martian packets off.

-- 
Bryan Phinney
Software Test Engineer
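
An added example, not part of the original message: a small parser that pairs each "martian source" line with its "ll header" line and splits the Ethernet header into destination MAC, source MAC and EtherType, so the source MAC can be matched against known hardware. It assumes the colon-separated header format shown in the quoted log; the sample lines, addresses and MACs are constructed.

```python
import re

# "martian source" line: first address is the destination, second the claimed source.
MARTIAN_RE = re.compile(
    r"martian source (?P<dst>\d+\.\d+\.\d+\.\d+) from "
    r"(?P<src>\d+\.\d+\.\d+\.\d+),? on dev (?P<dev>\S+)"
)
LL_RE = re.compile(r"ll header:\s*(?P<hex>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2})*)")
ETHERTYPES = {"0800": "IPv4", "0806": "ARP"}

def parse_ll_header(hex_bytes):
    """Split a 14-byte Ethernet header into dst MAC, src MAC and EtherType."""
    parts = hex_bytes.lower().split(":")
    if len(parts) != 14:
        return None  # truncated or non-Ethernet header: do not guess the MAC
    ethertype = "".join(parts[12:14])
    return {
        "dst_mac": ":".join(parts[0:6]),
        "src_mac": ":".join(parts[6:12]),
        "ethertype": ETHERTYPES.get(ethertype, "0x" + ethertype),
    }

def parse_martians(lines):
    """Pair each 'martian source' line with the 'll header' line that follows it."""
    events, current = [], None
    for line in lines:
        m = MARTIAN_RE.search(line)
        if m:
            current = dict(m.groupdict(), ll=None)
            events.append(current)
            continue
        h = LL_RE.search(line)
        if h and current is not None:
            current["ll"] = parse_ll_header(h.group("hex"))
            current = None
    return events

# Constructed sample log lines (documentation addresses, made-up MACs).
SAMPLE = [
    "kernel: martian source 192.0.2.255 from 192.0.2.1, on dev eth0",
    "kernel: ll header: ff:ff:ff:ff:ff:ff:02:00:5e:10:00:01:08:06",
    "kernel: martian source 192.0.2.255 from 198.51.100.7, on dev eth0",
    "kernel: ll header: ff:ff:ff:ff:ff:ff:02:00:5e:10:00",
]

if __name__ == "__main__":
    for event in parse_martians(SAMPLE):
        print(event)
```

A header with fewer than 14 bytes, like the 13-byte one quoted in this message, comes back with `ll` set to `None` rather than a guessed MAC.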

