Hi, I have a very long rate of this martians in my logs.
Apr 30 08:08:06 tptrtr kernel: martian source 00000000 for ff01a8c0, dev eth1 Apr 30 08:08:06 tptrtr kernel: ll header: ff ff ff ff ff ff 00 50 04 a4 f2 09 08 00 Translated 00000000 ff01a8c0 0.0.0.0 for 192.168.1.255 ff ff ff ff ff ff 00 50 04 a4 f2 09 08 00(TCP) Why is this a martian??? I guess it�s for the source address. Is this right?? If not, why?? I've tracked down the offending machine. How do I get the program generating them??? Using Etherape I managed to track this packets as "narp" (NBMA Address Resolution Protocol RFC1735)packets. NBMA stands for Non-Broadcast, Multi-Access !!! Any hints on what this may be?? Any backdoor??? Hao can I just ignore this packets so the not fill my logs??? ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
