设为首页 - 加入收藏 郑州电脑维修网(hcyzs.cn),专注电脑维修,打印机维修加粉,公司组网布网,监控安防等数十年!
热搜: RJ-11 TP-LINK casque by dr casque by dr
广告位
当前位置: 主页 > 操作系统 > Linux教程 >

martian source packets(ll header)

2010-05-10 11:42 [Linux教程] 来源于:
导读:使用dmesg或者查看/var/log/messages日志中有大量的如下log:martian source 222.73.xxx.255
使用dmesg或者查看/var/log/messages日志中有大量的如下log:

martian source 222.73.xxx.255 from 222.73.xxx.173, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:15:17:13:33:66:08:00
martian source 222.73.xxx.255 from 222.73.xxx.173, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:15:17:13:33:66:08:00
martian source 222.73.xxx.255 from 222.73.xxx.173, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:15:17:13:33:66:08:00
martian source 222.73.xxx.255 from 222.73.xxx.176, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1d:7d:3b:f4:77:08:00
martian source 222.73.xxx.255 from 222.73.xxx.221, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:90:0b:0e:b8:f2:08:00
martian source 222.73.xxx.255 from 222.73.xxx.174, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:15:17:60:33:24:08:00
martian source 222.73.xxx.255 from 222.73.xxx.165, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1e:8c:c2:49:0a:08:00
martian source 192.168.1.255 from 192.168.1.165, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1e:8c:c2:49:0b:08:00
martian source 192.168.1.255 from 192.168.1.165, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1e:8c:c2:49:0b:08:00
martian source 192.168.1.255 from 192.168.1.165, on dev eth0


 

A martian data packet is a network data packet that has an impossible source or destination IP, such as a packet that claims to have come from the broadcast address, 255.255.255.255. Another example of a martian packet would be if you received a packet from 192.168.0.1 through your networks external gateway.

IPs in the range of 192.168.* are not routable through gateways, so this situation should never happen. Usually martians are just the result of network misconfigurations or glitches of some sort, but they can be caused by deliberate mangling of the IP packet, such as when trying to hide the real origin of the packets during an attack against a server. If you see just a few martian packet messages then there probably isn’t anything to worry about, but if you see lots of them then take a closer look.

Recent kernels print out the link level header of the packet along with the martian warning, and the header contains the destination and source MAC addresses. In the example below the destination MAC (for the server “aries”) is 00:01:80:23:96:54, and the source MAC (the sender of the martian) is 00:e0:52:14:4d:9d. The “08:00″ at the end just indicates that this header is from an ipv4 over ethernet packet.

(编辑:admin)

网友评论
推荐文章