[nSLUG] Tnx Re: tcpdump qry: What does this mean?

Mike Spencer mspencer at tallships.ca
Wed Jan 14 14:18:44 AST 2004


me> I spotted this a couple of nights ago:
me>
me>     01:10:31.625722 0.0.0.0 > 0.0.0.0: ip-proto-0 536 [ttl 0]


dop> It's a martian packet... 

Yow!  The rover is talking to *me*!  :-)

dop> I'm guessing you're on dialup?

Yes.  PPP -> my_ISP -> Eastlink -> the_net

dop> http://www.netlingo.com/lookup.cfm?term=martian%20packet
dop> 
dop> http://www.cromwell-intl.com/security/security-stack-hardening.html
dop> has notes on monitoring this, amongst other odds and ends (basically,
dop> echo 1 > /proc/sys/net/ipv4/conf/all/log_martians).

Great.  Thanks.  I *did* do a brief web search before asking but only
found fragments of apparently ongoing discussions and I couldn't
deduce much in media res.

If I see it often, I'll FYI my ISP.

Thanks,
- Mike

-- 
Michael Spencer                  Nova Scotia, Canada       .~. 
                                                           /V\ 
mspencer at tallships.ca                                     /( )\
http://home.tallships.ca/mspencer/                        ^^-^^

-- 





More information about the nSLUG mailing list