Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

martian source somebody wants to Own me?
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Gentoo Server
Apprentice
Apprentice


Joined: 21 Jul 2003
Posts: 279
PostPosted: Mon Feb 16, 2004 11:35 pm    Post subject: martian source somebody wants to Own me? Reply with quote
Feb 17 00:20:45 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
- Last output repeated 5 times -


eb 16 23:22:16 [kernel] UDP: bad checksum. From 82.82.117.139:4672 to 172.176.76.63:6920 ulen 28
Feb 16 23:30:00 [CRON] (root) CMD ( [ -f /kolab/etc/rc ] && /kolab/etc/rc all quarterly)_
Feb 16 23:30:00 [CRON] (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons )_
Feb 16 23:30:34 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
- Last output repeated 5 times -
Feb 16 23:34:04 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
- Last output repeated 5 times -
Feb 16 23:43:07 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
- Last output repeated 6 times -
Feb 16 23:45:00 [CRON] (root) CMD ( [ -f /kolab/etc/rc ] && /kolab/etc/rc all quarterly)_
Feb 16 23:45:00 [CRON] (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons )_
Feb 16 23:45:19 [kernel] UDP: bad checksum. From 82.82.117.139:4672 to 172.176.76.63:6920 ulen 28
Feb 16 23:46:32 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
- Last output repeated 5 times -
Feb 16 23:47:34 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
- Last output repeated 6 times -
Feb 16 23:59:01 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
- Last output repeated 2 times -
Feb 16 23:59:05 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
Feb 16 23:59:07 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
- Last output repeated 2 times -
Feb 17 00:00:00 [CRON] (root) CMD ( [ -f /kolab/etc/rc ] && /kolab/etc/rc all quarterly)_
Feb 17 00:00:00 [CRON] (root) CMD ( [ -f /kolab/etc/rc ] && /kolab/etc/rc all hourly)_
Feb 17 00:00:00 [CRON] (root) CMD (rm -f /var/spool/cron/lastrun/cron.daily)_
Feb 17 00:00:01 [CRON] (root) CMD ( [ -f /kolab/etc/rc ] && /kolab/etc/rc all daily)_
Feb 17 00:00:01 [CRON] (root) CMD (analog)_
Feb 17 00:00:01 [CRON] (root) CMD (rm -f /var/spool/cron/lastrun/cron.hourly)_
Feb 17 00:00:01 [CRON] (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons )_
Feb 17 00:00:02 [su(pam_unix)] session opened for user kolab-r by (uid=0)
Feb 17 00:00:04 [sSMTP] Sent mail for root@gaia.proxyshare.com (221 Bye)
Feb 17 00:00:07 [su(pam_unix)] session closed for user kolab-r
Feb 17 00:07:02 [kernel] UDP: bad checksum. From 82.82.117.139:4672 to 172.176.76.63:6920 ulen 28
Feb 17 00:08:12 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
- Last output repeated 5 times -
Feb 17 00:10:39 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
- Last output repeated 8 times -
Feb 17 00:16:16 [CRON] (root) CMD ( [ -f /kolab/etc/rc ] && /kolab/etc/rc all quarterly)_
Feb 17 00:16:16 [CRON] (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons )_
Feb 17 00:20:45 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
- Last output repeated 5 times -
Feb 17 00:28:47 [kernel] UDP: bad checksum. From 82.82.117.139:4672 to 172.176.76.63:6920 ulen 28
Feb 17 00:30:34 [CRON] (root) CMD ( [ -f /kolab/etc/rc ] && /kolab/etc/rc all quarterly)_
Feb 17 00:30:34 [CRON] (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons )_


each day at around midnight my internet and network is getting shaky

how can i fix that?
Back to top
View user's profile Send private message
dsegel
Tux's lil' helper
Tux's lil' helper


Joined: 31 Jan 2003
Posts: 127
PostPosted: Tue Feb 17, 2004 6:53 am    Post subject: Reply with quote
This (martian packets) usually means you have a network device that is mis-configured and is spewing packets onto the wrong network (IP subnet?). I suppose it could be somebody trying to break in, but that's probably not the case.

It's controlled by the log_martians sysctl, in case you want to just turn it off. More info here: http://ipsysctl-tutorial.frozentux.net/ipsysctl-tutorial.html#AEN612

It could be some process is turning it on around midnight and then dumping the bad stuff.
Back to top
View user's profile Send private message
Gentoo Server
Apprentice
Apprentice


Joined: 21 Jul 2003
Posts: 279
PostPosted: Tue Feb 17, 2004 8:27 am    Post subject: Reply with quote
acually its pretty around the clock

Feb 17 04:18:00 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
Feb 17 04:27:42 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
Feb 17 04:30:08 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
Feb 17 04:39:54 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
Feb 17 04:42:15 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
Feb 17 04:52:05 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
Feb 17 04:54:22 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
Feb 17 05:04:17 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
Feb 17 05:06:29 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
Feb 17 05:16:29 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
Feb 17 05:18:36 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
Feb 17 05:28:40 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
Feb 17 05:30:43 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
Feb 17 05:40:52 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
Feb 17 05:42:50 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
Feb 17 05:53:03 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
Feb 17 05:54:57 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
Feb 17 06:05:15 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
Feb 17 06:07:04 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
Feb 17 06:17:27 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
Feb 17 06:19:11 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
Feb 17 06:29:38 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
Feb 17 06:31:18 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
Feb 17 06:41:50 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
Feb 17 06:43:26 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
Feb 17 06:54:02 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
Feb 17 06:55:33 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
Feb 17 07:06:13 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
Feb 17 07:07:40 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
Feb 17 07:18:25 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
Feb 17 07:19:47 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
Feb 17 07:30:36 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
Feb 17 07:31:54 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
Feb 17 07:42:48 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
Feb 17 07:44:01 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
Feb 17 07:55:00 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
Feb 17 07:56:08 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
Feb 17 08:07:11 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
Feb 17 08:08:15 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
Feb 17 08:19:23 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
Feb 17 08:20:22 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
Feb 17 08:31:35 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
Feb 17 08:32:29 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
Feb 17 08:43:46 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
Feb 17 08:44:36 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
Feb 17 08:55:58 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
Feb 17 08:56:44 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
Feb 17 09:08:09 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
Feb 17 09:08:51 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
Feb 17 09:20:21 [kernel] martian source 192.168.0.2 from 192.168.52.1, on dev eth0
Feb 17 09:20:58 [kernel] martian source 192.168.0.2 from 192.168.142.1, on dev eth0
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy