At 10:39 AM 5/22/02 -0700, Mike Noyes wrote: [...] >Ray, >Thanks for jumping in. :-) > >Would this account for the Martin messages he is receiving also?
Probably not. The only info I could find in his postings about Martians is this: >martian source bd69fea9 for fffffea9, dev eth1 >ll header: ff ff ff ff ff ff 00 40 f4 26 ec 95 08 00 > >00 40 f4 26 ec 95 is the MAC address of a machine behind the LRP firewall. The Martian source address unpacks to 169.254.105.189 . That's the kind of address (169.x.y.z) that a Windows machine gives itself when it tries and fails to get an address by DHCP assignment (there is an RFC that specifies this as correct behavior, so I'm not picking on Windows here). Since he's told us NOTHING about his internal setup, I can't venture an intelligent guess about *why* the involved host didn't get a DHCP lease, but that's where he should look for the cause of this one. >[...] >I think you can stop logging of TOS redirects in network.config by >changing the option below to yes. This may open up a possible security >hole. > >ALLIF_ACCEPT_REDIRECTS=NO If this changes the kernel flag I think it does, then it does more than suppress logging. It tells the kernel to change its substantive behavior, to accept the actual redirect instructions. I'm very rusty on this stuff, but I bet there was some spoofing problem that caused most of the world ... with this ISP an exception ... to move away from using redirects, at least for updating edge routers. Of course, it is possible that the ISP is not an exception, and he is the victim of an attempted spoof. Other than his asking the ISP what's up, I don't know how to find out. -- -----------------------------------------------"Never tell me the odds!"-------------- Ray Olszewski -- Han Solo Palo Alto, California, USA [EMAIL PROTECTED] ------------------------------------------------------------------------------------------- _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
