Re: [Nolug] Martian source error message

From: Christoph Boget <jcboget_at_yahoo.com>
Date: Sat, 29 Nov 2003 16:39:34 -0800 (PST)
Message-ID: <20031130003934.31102.qmail@web13603.mail.yahoo.com>

> The first obvious thing is that this is a broadcast
> packet, just by looking at the source MAC address
> (ff:ff:ff:ff:ff:ff). What OS is the machine with
> MAC 00:06:25:2a:72:d1 running?

How do I find out the MAC address on a PC? In any
case, all of my PCs (apart from my linux box) are all
running XP Pro.

> Also, maybe you have something like this set
> somewhere in your startup scripts (could be set
> with sysctl too):

How do I check to see if that's the case. btw, this
is the contents of my sysctl.conf file:

-----------
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See
sysctl(8) for
# more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Controls the System Request debugging functionality
of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to
the core filename.
# Useful for debugging multi-threaded applications.
-----------

> # Log spoofed packets, source routed packets,
> redirect packets.
> /bin/echo "1" >
> /proc/sys/net/ipv4/conf/all/log_martians

What is the above doing, exactly? What is "1"? Where
do I put the above command? Running it at the prompt
didn't seem to do anything.
 
> If you are using iptables,

I am.

> I found the following page to be a useful reference
> for reading the logs:

I'll check it out, thanks.

> Some more info, especially log entries from
> netfilter would help.

Where do I find the netfilter log? Doing a locate on
"netfilter" just turned up source files.

thnx,
Chris

__________________________________
Do you Yahoo!?
Free Pop-Up Blocker - Get it now
http://companion.yahoo.com/
___________________
Nolug mailing list
nolug@nolug.org
Received on 11/29/03

This archive was generated by hypermail 2.2.0 : 12/19/08 EST