Thanks, but no. I have identified the offending computer. What I am looking for is for more information about martians (rules that determine that there is a martian so I can track down why this packets are seen as martians) and some way to find out the offending program. My users are using M$ OSs. Until a couple of weeks ago everything was OK, so I asume a "self administrator" using some "nice feature program".
Also I would like to know if I eventually can filter out this packets. Silent deny is for tcp/udp packets and this are arp!!! Thanks > -----Mensaje original----- > De: Kelly D. Wason [mailto:[EMAIL PROTECTED]] > Enviado el: Wednesday, May 01, 2002 09:20 > Para: Sergio Morilla > Asunto: RE: [leaf-user] Martians - Why??? narp??? Backdoor?? > > > I ran into this problem one time when I inadvertently > connected eth0 back to > my hub on the private network (I think that is what I did-- > anyway it was a > cabling problem) > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Sergio > Morilla > Sent: Tuesday, April 30, 2002 6:47 AM > To: Leaf-user@lists. sourceforge. net (E-mail) > Subject: [leaf-user] Martians - Why??? narp??? Backdoor?? > > > Hi, > > I have a very long rate of this martians in my logs. > > Apr 30 08:08:06 tptrtr kernel: martian source 00000000 for > ff01a8c0, dev > eth1 > Apr 30 08:08:06 tptrtr kernel: ll header: ff ff ff ff ff ff > 00 50 04 a4 f2 > 09 08 00 > > Translated > > 00000000 ff01a8c0 0.0.0.0 for > 192.168.1.255 > ff ff ff ff ff ff 00 50 04 a4 f2 09 08 00(TCP) > > Why is this a martian??? > I guess it�s for the source address. Is this right?? If not, why?? > > I've tracked down the offending machine. How do I get the program > generating them??? Using Etherape I managed to track this packets as > "narp" (NBMA Address Resolution Protocol RFC1735)packets. > > NBMA stands for Non-Broadcast, Multi-Access !!! > > Any hints on what this may be?? Any backdoor??? > Hao can I just ignore this packets so the not fill my logs??? > > -------------------------------------------------------------- > ---------- > leaf-user mailing list: [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user > SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html > > _______________________________________________________________ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: [EMAIL PROTECTED] ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
