On Thursday 04 March 2004 09:37 pm, Terence Golightly wrote:
How might I track this address?
Do an ifconfig -a from your machines and that will give you the MAC address
of the machine. Just match them to the one from the martian source.
It looks like for some reason my ISP is responsible.
Bryan,
On Fri, 2004-03-05 at 20:37, Bryan Phinney wrote:
On Friday 05 March 2004 07:44 pm, Terence Golightly wrote:
They appear to be a regular pattern
You can check the timestamps, patterns are like clockwork although you may
have multiple sources that may throw it off.
Another
On Friday 05 March 2004 09:24 pm, Terence Golightly wrote:
The capture session could not be initiated (socket:Operation not
permitted). Please check to make sure you have sufficient permissions,
and that you have proper interface or pipe specified.
I ran it as user. Does it need to be run as
Bryan,
I just turned Shorewall on after modifying the /etc/X11/interfaces and a
shorewall restart from a root console.
On Wed, 2004-03-03 at 07:57, Bryan Phinney wrote:
Okay, just general information. Has anyone else on the list recently started
noticing a lot of martian source packets being
On Thursday 04 March 2004 08:28 pm, Terence Golightly wrote:
I get the kernel martian messages but they seem to be eminating from my
ISP or another source. I'll post the messages below:
kernelmartian source 151.201.29.xxx from 151.201.29.1 on dev eth0
The first IP is the
Bryan,
Thanks for your quick reply:
On Thu, 2004-03-04 at 21:01, Bryan Phinney wrote:
On Thursday 04 March 2004 08:28 pm, Terence Golightly wrote:
I get the kernel martian messages but they seem to be eminating from my
ISP or another source. I'll post the messages below:
kernel
--- Terence Golightly [EMAIL PROTECTED] wrote:
Bryan,
I just turned Shorewall on after modifying the
/etc/X11/interfaces and a
shorewall restart from a root console.
On Wed, 2004-03-03 at 07:57, Bryan Phinney wrote:
Okay, just general information. Has anyone else
on the list recently
Okay, just general information. Has anyone else on the list recently started
noticing a lot of martian source packets being logged from the kernel? If
so, I can probably help you to track down what is causing the entries and
also help you remove them.
I just spent the better half of a day
Let's see...
$ cat /etc/security/msec/level.local
from mseclib import *
enable_log_strange_packets(0)
Is this how you disabled the martian log? It made me crazy for some time
after installing shorewall in MDK9.1
I'd be insterested in what you found.
raffaele
[EMAIL PROTECTED] wrote:
Okay,
--- Bryan Phinney [EMAIL PROTECTED]
wrote:
Okay, just general information. Has anyone else on
the list recently started
noticing a lot of martian source packets being
logged from the kernel? If
so, I can probably help you to track down what is
causing the entries and
also help you
On Wednesday 03 March 2004 09:04 am, Raffaele Belardi wrote:
Let's see...
$ cat /etc/security/msec/level.local
from mseclib import *
enable_log_strange_packets(0)
Is this how you disabled the martian log? It made me crazy for some time
after installing shorewall in MDK9.1
I setup a
On Wednesday 03 March 2004 09:37 am, Mike Fehse wrote:
Are you refering to log entries in your Intrudsion
Detection System (IDS) from your internet/intranet
connection?
No, kernel logging of martian source packets which are packets that are
expected to come from a particular route but are
--- Bryan Phinney [EMAIL PROTECTED]
wrote:
On Wednesday 03 March 2004 09:37 am, Mike Fehse
wrote:
Are you refering to log entries in your Intrudsion
Detection System (IDS) from your internet/intranet
connection?
No, kernel logging of martian source packets which
are packets that
On Wednesday 03 March 2004 12:33 pm, Mike Fehse wrote:
Some times it is after a nasty day of mblaster,
code_red, and so forth, that some of our users find
the little green guys in the IDS logs.
Those would be the kind that you actually do want to be logged since it can be
evidence of
On Sun, 20 Jul 2003 09:29, Sharrea wrote:
Recently I got a satellite internet connection which uses a PCI Telemann
Skymedia 200DPA card. It was working fine until a few days ago when
suddenly all packets received via this card are dropped by the kernel
with the 'martian source' messages in
On Tue, 22 Jul 2003 08:19, Sharrea wrote:
Just thought I'd let everyone know in case it happens to someone else:
the answer was to issue the command (as root user):
echo 0 /proc/sys/net/ipv4/conf/all/rp_filter
Oops, forgot to mention: see kernel docs-
Configure.help from line 5220
Sharrea
Hi
Recently I got a satellite internet connection which uses a PCI Telemann
Skymedia 200DPA card. It was working fine until a few days ago when
suddenly all packets received via this card are dropped by the kernel with
the 'martian source' messages in syslog:
Jul 20 09:22:40 tbird kernel:
: Monday, 18 November 2002 10:33 PM
To: [EMAIL PROTECTED]
Subject: Re: [newbie] martian source on syslog
Thanks, but I am already behing a company firewall. I only want to stop
the kernel from logging the martian source message to prevent the
syslog from filling up with useless messages. Can that be done
Of Raffaele Belardi
Sent: Monday, 18 November 2002 10:33 PM
To: [EMAIL PROTECTED]
Subject: Re: [newbie] martian source on syslog
Thanks, but I am already behing a company firewall. I only want to stop
the kernel from logging the martian source message to prevent the
syslog from filling up with useless
Wonderful, thanks a lot, it did the trick! I am always amazed of how
easily can Linux kernel be reconfigured, provided you know how... :-)
Could you post the link you found?
Thanks again, you where very helpful!
raffaele
[EMAIL PROTECTED] wrote:
Try this line:
echo 0
20 matches
Mail list logo
