I have these messages that are driving me mad. The really litter my /var/log/warn.
Code:
Jan 24 10:55:35 linux-w779 kernel: [ 7162.780285] IPv4: martian source 192.168.1.7 from 173.194.70.106, on dev eth0Jan 24 10:55:35 linux-w779 kernel: [ 7162.780293] ll header: 00000000: 5c ff 35 06 cd 99 c8 d7 19 89 00 05 08 00 \.5...........
Jan 24 10:55:35 linux-w779 kernel: [ 7162.780304] IPv4: martian source 192.168.1.7 from 173.194.70.106, on dev eth0
Jan 24 10:55:35 linux-w779 kernel: [ 7162.780308] ll header: 00000000: 5c ff 35 06 cd 99 c8 d7 19 89 00 05 08 00 \.5...........
Jan 24 10:55:35 linux-w779 kernel: [ 7162.780317] IPv4: martian source 192.168.1.7 from 173.194.70.106, on dev eth0
Jan 24 10:55:35 linux-w779 kernel: [ 7162.780321] ll header: 00000000: 5c ff 35 06 cd 99 c8 d7 19 89 00 05 08 00 \.5...........
Jan 24 10:55:35 linux-w779 kernel: [ 7163.017901] IPv4: martian source 192.168.1.7 from 173.194.70.106, on dev eth0
Jan 24 10:55:35 linux-w779 kernel: [ 7163.017910] ll header: 00000000: 5c ff 35 06 cd 99 c8 d7 19 89 00 05 08 00 \.5...........
Jan 24 10:55:36 linux-w779 kernel: [ 7163.495184] IPv4: martian source 192.168.1.7 from 173.194.70.106, on dev eth0
Jan 24 10:55:36 linux-w779 kernel: [ 7163.495192] ll header: 00000000: 5c ff 35 06 cd 99 c8 d7 19 89 00 05 08 00 \.5...........
Jan 24 10:55:37 linux-w779 kernel: [ 7164.449613] IPv4: martian source 192.168.1.7 from 173.194.70.106, on dev eth0
Jan 24 10:55:37 linux-w779 kernel: [ 7164.449622] ll header: 00000000: 5c ff 35 06 cd 99 c8 d7 19 89 00 05 08 00 \.5...........
Jan 24 10:55:39 linux-w779 kernel: [ 7166.358308] IPv4: martian source 192.168.1.7 from 173.194.70.106, on dev eth0
Jan 24 10:55:39 linux-w779 kernel: [ 7166.358316] ll header: 00000000: 5c ff 35 06 cd 99 c8 d7 19 89 00 05 08 00 \.5...........
Jan 24 10:55:43 linux-w779 kernel: [ 7170.175756] IPv4: martian source 192.168.1.7 from 173.194.70.106, on dev eth0
Jan 24 10:55:43 linux-w779 kernel: [ 7170.175764] ll header: 00000000: 5c ff 35 06 cd 99 c8 d7 19 89 00 05 08 00 \.5...........
Jan 24 10:55:50 linux-w779 kernel: [ 7177.810563] IPv4: martian source 192.168.1.7 from 173.194.70.106, on dev eth0
Jan 24 10:55:50 linux-w779 kernel: [ 7177.810570] ll header: 00000000: 5c ff 35 06 cd 99 c8 d7 19 89 00 05 08 00 \.5...........
Jan 24 10:55:58 linux-w779 pidof[27006]: can't read from 26977/stat
Jan 24 10:56:00 linux-w779 kernel: [ 7187.793962] IPv4: martian source 192.168.1.7 from 173.194.70.106, on dev eth0
Jan 24 10:56:00 linux-w779 kernel: [ 7187.793971] ll header: 00000000: 5c ff 35 06 cd 99 c8 d7 19 89 00 05 08 00 \.5...........
Jan 24 10:56:02 linux-w779 pidof[27053]: can't read from 27044/stat
Jan 24 10:56:10 linux-w779 kernel: [ 7197.776844] IPv4: martian source 192.168.1.7 from 173.194.70.106, on dev eth0
Jan 24 10:56:10 linux-w779 kernel: [ 7197.776852] ll header: 00000000: 5c ff 35 06 cd 99 c8 d7 19 89 00 05 08 00 \.5...........
Jan 24 10:56:14 linux-w779 pidof[27189]: can't read from 27166/stat
Jan 24 10:57:30 linux-w779 pidof[28083]: can't read from 28059/stat
Jan 24 10:58:06 linux-w779 pidof[28532]: can't read from 28496/stat
Jan 24 10:58:42 linux-w779 pidof[28958]: can't read from 28955/stat
Jan 24 10:59:02 linux-w779 pidof[29180]: can't read from 29191/stat
Jan 24 10:59:26 linux-w779 pidof[29477]: can't read from 29481/stat
Jan 24 10:59:42 linux-w779 pidof[29669]: can't read from 29672/stat
Jan 24 10:59:42 linux-w779 pidof[29678]: can't read from 29669/stat
Jan 24 11:01:02 linux-w779 pidof[30649]: can't read from 30638/stat
Jan 24 11:01:06 linux-w779 pidof[30717]: can't read from 30698/stat
Jan 24 11:01:10 linux-w779 pidof[30756]: can't read from 30725/stat
Jan 24 11:01:14 linux-w779 pidof[30804]: can't read from 30813/stat
Jan 24 11:01:18 linux-w779 pidof[30846]: can't read from 30822/stat
Jan 24 11:01:42 linux-w779 pidof[31130]: can't read from 31126/stat
Jan 24 11:02:18 linux-w779 pidof[31565]: can't read from 31522/stat
Jan 24 11:02:18 linux-w779 pidof[31559]: can't read from 31530/stat
Jan 24 11:03:22 linux-w779 pidof[32310]: can't read from 32293/stat
Jan 24 11:03:42 linux-w779 pidof[32532]: can't read from 32527/stat
Jan 24 11:05:06 linux-w779 pidof[1152]: can't read from 1098/stat
Jan 24 11:05:58 linux-w779 pidof[1873]: can't read from 1821/stat
Jan 24 11:08:30 linux-w779 pidof[3872]: can't read from 3836/stat
Jan 24 11:10:34 linux-w779 pidof[5373]: can't read from 5392/stat
Jan 24 11:11:14 linux-w779 pidof[5857]: can't read from 5821/stat
Jan 24 11:11:26 linux-w779 pidof[6000]: can't read from 5974/stat
Jan 24 11:11:50 linux-w779 pidof[6278]: can't read from 6269/stat
Jan 24 11:12:18 linux-w779 pidof[6601]: can't read from 6594/stat
Jan 24 11:12:50 linux-w779 pidof[7000]: can't read from 6973/stat
Jan 24 11:12:54 linux-w779 pidof[7026]: can't read from 7007/stat
Jan 24 11:13:26 linux-w779 pidof[7426]: can't read from 7434/stat
Jan 24 11:14:10 linux-w779 pidof[7952]: can't read from 7925/stat
Jan 24 11:15:14 linux-w779 pidof[8738]: can't read from 8719/stat
Jan 24 11:15:30 linux-w779 pidof[8933]: can't read from 8889/stat
Jan 24 11:15:42 linux-w779 pidof[9091]: can't read from 9058/stat
Jan 24 11:17:18 linux-w779 pidof[10223]: can't read from 10210/stat
Jan 24 11:18:50 linux-w779 pidof[11302]: can't read from 11303/stat
Jan 24 11:19:38 linux-w779 pidof[11879]: can't read from 11883/stat
Jan 24 11:19:42 linux-w779 pidof[11908]: can't read from 11902/stat
Jan 24 11:19:50 linux-w779 pidof[12018]: can't read from 12012/stat
Jan 24 11:19:54 linux-w779 pidof[12067]: can't read from 12057/stat
Jan 24 11:20:14 linux-w779 pidof[12296]: can't read from 12294/stat
Jan 24 11:20:34 linux-w779 pidof[12544]: can't read from 12542/stat
Jan 24 11:21:22 linux-w779 pidof[13089]: can't read from 13070/stat
Jan 24 11:21:22 linux-w779 pidof[13110]: can't read from 13092/stat
Jan 24 11:21:34 linux-w779 pidof[13245]: can't read from 13218/stat
Jan 24 11:22:02 linux-w779 pidof[13566]: can't read from 13555/stat
Jan 24 11:22:10 linux-w779 pidof[13667]: can't read from 13656/stat
Jan 24 11:22:54 linux-w779 pidof[14187]: can't read from 14164/stat
Jan 24 11:23:58 linux-w779 pidof[14946]: can't read from 14938/stat
Jan 24 11:24:14 linux-w779 pidof[15134]: can't read from 15137/stat
Jan 24 11:24:26 linux-w779 pidof[15280]: can't read from 15278/stat
Jan 24 11:24:54 linux-w779 pidof[15605]: can't read from 15590/stat
Jan 24 11:25:02 linux-w779 pidof[15711]: can't read from 15680/stat
Jan 24 11:25:42 linux-w779 pidof[16173]: can't read from 16164/stat
Jan 24 11:25:50 linux-w779 pidof[16281]: can't read from 16262/stat
Jan 24 11:26:14 linux-w779 pidof[16555]: can't read from 16551/stat
Jan 24 11:26:50 linux-w779 pidof[16966]: can't read from 16953/stat
Jan 24 11:27:14 linux-w779 pidof[17267]: can't read from 17232/stat
Jan 24 11:27:38 linux-w779 pidof[17542]: can't read from 17548/stat
Jan 24 11:27:58 linux-w779 pidof[17780]: can't read from 17775/stat
So what are all these: can't read from. I do not understand where the issue comes from. Tried to google but nothing.
Second thing:
martian sources are usually a problem with configuration. But it does not seem I have a config problem. I have a "dump" modem bridged with a router setup with NAT.
So, this router does not have any server activated and even the wlanpart is off. Or are these attempts to get into my system using internal IP addresses? And a router if setup correctly should not forward these packages, right? So something is wrong here.
a) what are these cannot read from messages? How can I find out.
b) what configuration could be wrong to get martian sources?
c) if these martians are effectively are coming from outside, would it be possible to blacklist in automatic these IP addresse after let us say 5 attempts? How would I do this?
As this concerns maybe network, maybe not, I post it here. Just to see if I manage to get an answer already on the "cannot read" part that is littering in an unbelievable way my log.
No comments:
Post a Comment