On Thursday 04 March 2004 09:37 pm, Terence Golightly wrote: > How might I track this address?
Do an ifconfig -a from your machines and that will give you the MAC address of the machine. Just match them to the one from the martian source. > It looks like for some reason my ISP is responsible. See below: > > Figure out what the 151.201.x.x IP is and if it is in your control before > > you consider turning logging of martian packets off. > > Heres a couple of nmap scans I ran awhile ago: > > Starting nmap 3.30 ( http://www.insecure.org/nmap/ ) at 2004-03-04 20:28 > EST > All 1644 scanned ports on A1-0-0-711067.DSL-RTR1.PITT2.verizon-gni.net > (151.201.29.1) are: closed I will note that it appears that this particular IP belongs to a DSL router, which makes sense if you have the same problem that I was reporting. Another thing to take a look at is if the martian source comes in regular intervals, every 30 seconds, 3 minutes, etc. I have seen people reporting these associated with fetchmail among other causes. Regular interval packets are more likely to be something innocuous, random packets are more likely to be associated with intrusion attempts. -- Bryan Phinney Software Test Engineer
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com