A few days ago I noticed some entries like this in my iptables log:

Mar 1 06:33:17 bulworth OUTPUT dropped: IN= OUT=eth0 MAC=de:24:c0:00:00:00:00:11:00:00:00:00:00:00:00:00:00:00:00:01:00:00:00:00:00:00:00:a4:21:00:00:00:00:00:00:a4:21:00:00:a4:21:00:00:01:00:00:00:00:00:83:c0:00:00:83:c0:00:00:00:00:00:00:00:00:00:00:00:00:a8:e0:5f:c0:a8:e0:5f:c0:00:00:00:00:b4:45:00:00:8f:00:00:40:00:40:11:12:40:0a:0a:0a:01:0a:0a:0a:0a:00:35:0a:bf:00:7b:37:80:00:3f:85:80:00:01:00:01:00:02:00:02:06:66:72:69:68:65:74:03:74:76:32:02:6e:6f:00:00:01:00:01:c0:0c:00:01:00:01:00:00:54:60:00:04:c1:e3:cc:b4:c0:13:00:02:00:01:00:00:54:60:00:06:03:6e:73:31:c0:13:c0:13:00:02:00:01:00:00:54:60:00:06:03:6e:73:32:c0:13:c0:3b:00:01:00:01:00:00:54:60:00:04:c1:e3:cd:0b:c0:4d:00:01:00:01:00:00:54 SRC=10.10.10.1 DST=10.10.10.10 LEN=143 TOS=00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=2751 LEN=123

Anyone know what happened here? Like why the MAC address is a mile long? Looks like some sort of malicious DNS reply maybe??

/Christopher Thorjussen
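
An added triage example, not part of the original post: it scans an excerpt of the MAC= dump from the log entry above for a 20-byte IPv4 header with a valid checksum and decodes the UDP and DNS fields that follow, so they can be compared with the SRC/DST/LEN/TTL/SPT/DPT values iptables logged. The function and variable names are assumptions made for this example.

```python
import socket
import struct

# Excerpt of the MAC= field from the log entry above, line-wrap spaces removed.
MAC_EXCERPT = ("a8:e0:5f:c0:00:00:00:00:b4:45:00:00:8f:00:00:40:00:40:11:12:40:"
               "0a:0a:0a:01:0a:0a:0a:0a:00:35:0a:bf:00:7b:37:80:00:3f:85:80:00:01:"
               "00:01:00:02:00:02:06:66:72:69:68:65:74:03:74:76:32:02:6e:6f:00:00:"
               "01:00:01")

def ip_checksum_ok(header):
    """True when the one's-complement sum over the 20-byte header is 0xFFFF."""
    total = sum(struct.unpack("!10H", header))
    total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def read_qname(dns, pos):
    """Read an uncompressed DNS name at pos; stops at a pointer or truncation."""
    labels = []
    while pos < len(dns) and 0 < dns[pos] < 64:
        labels.append(dns[pos + 1:pos + 1 + dns[pos]].decode("ascii", "replace"))
        pos += 1 + dns[pos]
    return ".".join(labels)

def decode_mac_dump(mac_field):
    """Find an IPv4/UDP/DNS packet inside an iptables MAC= hex dump."""
    data = bytes.fromhex(mac_field.replace(":", ""))
    for off in range(len(data) - 19):
        hdr = data[off:off + 20]
        if hdr[0] != 0x45 or not ip_checksum_ok(hdr):
            continue  # not an option-less IPv4 header with a valid checksum
        info = {"offset": off, "len": struct.unpack("!H", hdr[2:4])[0],
                "ttl": hdr[8], "proto": hdr[9],
                "src": socket.inet_ntoa(hdr[12:16]),
                "dst": socket.inet_ntoa(hdr[16:20])}
        udp = data[off + 20:off + 28]
        if info["proto"] == 17 and len(udp) == 8:
            info["spt"], info["dpt"], info["udp_len"] = struct.unpack("!HHH", udp[:6])
            dns = data[off + 28:]
            if len(dns) >= 12:
                flags = struct.unpack("!H", dns[2:4])[0]
                info["dns_response"] = bool(flags & 0x8000)  # QR bit
                info["qname"] = read_qname(dns, 12)
        return info
    return None  # no IPv4 header found in the dump

if __name__ == "__main__":
    print(decode_mac_dump(MAC_EXCERPT))
```
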