Archives
Archives
| From: | Matti Nykyri <matti.nykyri@×××.fi> | ||
|---|---|---|---|
| To: | "gentoo-user@l.g.o" <gentoo-user@l.g.o> | ||
| Subject: | Re: [gentoo-user] martian source with unknown IP and MAC | ||
| Date: | Tue, 18 Aug 2015 07:52:01 | ||
| Message-Id: | EDBF5D2C-5FD4-4D7A-9B3E-4E0308C8B8F9@iki.fi | ||
| In Reply to: | [gentoo-user] martian source with unknown IP and MAC by Grant |
||
| 1 | > On Aug 17, 2015, at 20:46, Grant <emailgrant@×××××.com> wrote: |
| 2 | > |
| 3 | > I received a suspicious prompt while browsing a financial account of mine on my laptop so I restarted my modem but did not DHCP to it. I immediately received a series of type 08 00 martian sources logged to dmesg on my laptop from a 10.x.x.x source while my local network runs on 192.168.x.x only, and the logged MAC address does not match that of any systems on my LAN including the modem and I don't run wifi. Is that martian source suspicious? |
| 4 | |
| 5 | Use tcpdump to study your traffic. My ISP runs their DHCP server in 10.x.x.x space so my firewalls dmesg is full on martian source warnings because the DHCP traffic in the network. My firewall has a public ip and in that public network the DHCP server runs in 10.x.x.x. |
| 6 | |
| 7 | -- |
| 8 | -Matti |