Forum Debian Users Gang

redelek · 2012-08-17 10:50:33

Witam,

Mam taki mały problem, mam w dużej sieci swoich 8 serwerów którymi administruję. Całą siecią i urządzeniami administrują jakieś inne misie :)
Postawiłem sobie serwer do monitorowania tych 8 serwerów i do zbierania z nich logów nazwę go MONIT. Serwer ma 2 karty sieciowe jedna wewnętrzna druga zewnętrzna.
Na karcie wewnętrznej sysLog systemowy roście w zastraszającym tempie, bo cały czas pokazują się takie wpisy

Kod:

Aug 17 10:44:45 monit kernel: [1544717.251966] martian source 212.87.17.53 from 212.87.17.254, on dev eth1
Aug 17 10:44:45 monit kernel: [1544717.251970] ll header: ff:ff:ff:ff:ff:ff:80:71:1f:92:f8:00:08:06
Aug 17 10:44:45 monit kernel: [1544717.284714] martian source 255.255.255.255 from 192.168.1.173, on dev eth1
Aug 17 10:44:45 monit kernel: [1544717.284717] ll header: ff:ff:ff:ff:ff:ff:00:0f:fe:6c:1f:d8:08:00
Aug 17 10:44:45 monit kernel: [1544717.288309] martian source 192.168.19.90 from 192.168.19.74, on dev eth1
Aug 17 10:44:45 monit kernel: [1544717.288312] ll header: ff:ff:ff:ff:ff:ff:a4:ba:db:fb:27:d5:08:06
Aug 17 10:44:45 monit kernel: [1544717.322738] martian source 192.168.1.93 from 192.168.1.98, on dev eth1
Aug 17 10:44:45 monit kernel: [1544717.322741] ll header: ff:ff:ff:ff:ff:ff:00:0a:59:00:ba:1e:08:06
Aug 17 10:44:45 monit kernel: [1544717.350195] martian source 255.255.255.255 from 192.168.19.24, on dev eth1
Aug 17 10:44:45 monit kernel: [1544717.350198] ll header: ff:ff:ff:ff:ff:ff:e8:03:9a:aa:95:9b:08:00
Aug 17 10:44:50 monit kernel: [1544721.888404] __ratelimit: 89 callbacks suppressed
Aug 17 10:44:50 monit kernel: [1544721.888410] martian source 192.168.17.82 from 192.168.17.254, on dev eth1
Aug 17 10:44:50 monit kernel: [1544721.888412] ll header: ff:ff:ff:ff:ff:ff:00:07:e9:10:58:34:08:06
Aug 17 10:44:50 monit kernel: [1544721.913015] martian source 192.168.1.49 from 192.168.1.93, on dev eth1
Aug 17 10:44:50 monit kernel: [1544721.913018] ll header: ff:ff:ff:ff:ff:ff:00:17:a4:ff:ee:e3:08:06
Aug 17 10:44:50 monit kernel: [1544721.944872] martian source 255.255.255.255 from 192.168.19.215, on dev eth1
Aug 17 10:44:50 monit kernel: [1544721.944875] ll header: ff:ff:ff:ff:ff:ff:18:03:73:8f:f3:81:08:00
Aug 17 10:44:50 monit kernel: [1544722.042377] martian source 212.87.16.24 from 212.87.16.254, on dev eth1
Aug 17 10:44:50 monit kernel: [1544722.042380] ll header: ff:ff:ff:ff:ff:ff:80:71:1f:92:f8:00:08:06
Aug 17 10:44:50 monit kernel: [1544722.159060] martian source 192.168.13.102 from 192.168.13.106, on dev eth1
Aug 17 10:44:50 monit kernel: [1544722.159063] ll header: ff:ff:ff:ff:ff:ff:00:17:31:8d:a4:d6:08:06
Aug 17 10:44:50 monit kernel: [1544722.161805] martian source 192.168.13.255 from 192.168.13.106, on dev eth1
Aug 17 10:44:50 monit kernel: [1544722.161808] ll header: ff:ff:ff:ff:ff:ff:00:17:31:8d:a4:d6:08:00
Aug 17 10:44:50 monit kernel: [1544722.206001] martian source 255.255.255.255 from 192.168.13.102, on dev eth1
Aug 17 10:44:50 monit kernel: [1544722.206004] ll header: ff:ff:ff:ff:ff:ff:00:19:db:a3:1e:59:08:00
Aug 17 10:44:50 monit kernel: [1544722.275864] martian source 255.255.255.255 from 192.168.1.173, on dev eth1
Aug 17 10:44:50 monit kernel: [1544722.275867] ll header: ff:ff:ff:ff:ff:ff:00:0f:fe:6c:1f:d8:08:00
Aug 17 10:44:50 monit kernel: [1544722.279642] martian source 192.168.19.31 from 192.168.19.74, on dev eth1
Aug 17 10:44:50 monit kernel: [1544722.279646] ll header: ff:ff:ff:ff:ff:ff:a4:ba:db:fb:27:d5:08:06
Aug 17 10:44:50 monit kernel: [1544722.317407] martian source 192.168.17.50 from 192.168.17.254, on dev eth1
Aug 17 10:44:50 monit kernel: [1544722.317410] ll header: ff:ff:ff:ff:ff:ff:00:07:e9:10:58:34:08:06
Aug 17 10:44:55 monit kernel: [1544726.913122] __ratelimit: 125 callbacks suppressed
Aug 17 10:44:55 monit kernel: [1544726.913127] martian source 192.168.17.4 from 192.168.17.254, on dev eth1
Aug 17 10:44:55 monit kernel: [1544726.913130] ll header: ff:ff:ff:ff:ff:ff:00:07:e9:10:58:34:08:06
Aug 17 10:44:55 monit kernel: [1544726.932580] martian source 212.87.16.228 from 212.87.16.254, on dev eth1
Aug 17 10:44:55 monit kernel: [1544726.932584] ll header: ff:ff:ff:ff:ff:ff:80:71:1f:92:f8:00:08:06
Aug 17 10:44:55 monit kernel: [1544726.965329] martian source 255.255.255.255 from 192.168.19.99, on dev eth1
Aug 17 10:44:55 monit kernel: [1544726.965332] ll header: ff:ff:ff:ff:ff:ff:1c:6f:65:9f:e0:09:08:00
Aug 17 10:44:55 monit kernel: [1544726.999642] martian source 255.255.255.255 from 192.168.19.61, on dev eth1
Aug 17 10:44:55 monit kernel: [1544726.999646] ll header: ff:ff:ff:ff:ff:ff:00:15:17:30:32:bc:08:00
Aug 17 10:44:55 monit kernel: [1544727.030632] martian source 192.168.19.249 from 192.168.17.87, on dev eth1
Aug 17 10:44:55 monit kernel: [1544727.030635] ll header: ff:ff:ff:ff:ff:ff:00:1b:a9:8d:ac:2e:08:06
Aug 17 10:44:55 monit kernel: [1544727.035598] martian source 255.255.255.255 from 192.168.19.215, on dev eth1
Aug 17 10:44:55 monit kernel: [1544727.035602] ll header: ff:ff:ff:ff:ff:ff:18:03:73:8f:f3:81:08:00
Aug 17 10:44:55 monit kernel: [1544727.093016] martian source 192.168.17.20 from 192.168.17.254, on dev eth1
Aug 17 10:44:55 monit kernel: [1544727.093019] ll header: ff:ff:ff:ff:ff:ff:00:07:e9:10:58:34:08:06
Aug 17 10:44:55 monit kernel: [1544727.096860] martian source 255.255.255.255 from 192.168.19.24, on dev eth1
Aug 17 10:44:55 monit kernel: [1544727.096863] ll header: ff:ff:ff:ff:ff:ff:e8:03:9a:aa:95:9b:08:00
Aug 17 10:44:55 monit kernel: [1544727.118546] martian source 192.168.17.72 from 192.168.17.254, on dev eth1
Aug 17 10:44:55 monit kernel: [1544727.118549] ll header: ff:ff:ff:ff:ff:ff:00:07:e9:10:58:34:08:06
Aug 17 10:44:55 monit kernel: [1544727.149974] martian source 192.168.19.255 from 192.168.19.206, on dev eth1
Aug 17 10:44:55 monit kernel: [1544727.149977] ll header: ff:ff:ff:ff:ff:ff:00:01:6c:dc:3a:3a:08:00
Aug 17 10:45:00 monit kernel: [1544731.960644] __ratelimit: 130 callbacks suppressed
Aug 17 10:45:00 monit kernel: [1544731.960649] martian source 192.168.19.255 from 192.168.19.163, on dev eth1
Aug 17 10:45:00 monit kernel: [1544731.960652] ll header: ff:ff:ff:ff:ff:ff:bc:ae:c5:02:88:3c:08:00
Aug 17 10:45:00 monit kernel: [1544731.968268] martian source 192.168.19.117 from 192.168.19.74, on dev eth1
Aug 17 10:45:00 monit kernel: [1544731.968271] ll header: ff:ff:ff:ff:ff:ff:a4:ba:db:fb:27:d5:08:06
Aug 17 10:45:00 monit kernel: [1544731.968287] martian source 192.168.19.9 from 192.168.19.74, on dev eth1
Aug 17 10:45:00 monit kernel: [1544731.968289] ll header: ff:ff:ff:ff:ff:ff:a4:ba:db:fb:27:d5:08:06
Aug 17 10:45:00 monit kernel: [1544731.968828] martian source 192.168.19.212 from 192.168.19.74, on dev eth1
Aug 17 10:45:00 monit kernel: [1544731.968830] ll header: ff:ff:ff:ff:ff:ff:a4:ba:db:fb:27:d5:08:06
Aug 17 10:45:00 monit kernel: [1544731.968947] martian source 192.168.19.169 from 192.168.19.74, on dev eth1
Aug 17 10:45:00 monit kernel: [1544731.968950] ll header: ff:ff:ff:ff:ff:ff:a4:ba:db:fb:27:d5:08:06
Aug 17 10:45:00 monit kernel: [1544731.970781] martian source 192.168.19.62 from 192.168.19.74, on dev eth1
Aug 17 10:45:00 monit kernel: [1544731.970783] ll header: ff:ff:ff:ff:ff:ff:a4:ba:db:fb:27:d5:08:06
Aug 17 10:45:00 monit kernel: [1544731.971003] martian source 192.168.19.170 from 192.168.19.74, on dev eth1
Aug 17 10:45:00 monit kernel: [1544731.971007] ll header: ff:ff:ff:ff:ff:ff:a4:ba:db:fb:27:d5:08:06
Aug 17 10:45:00 monit kernel: [1544731.983467] martian source 192.168.19.211 from 192.168.19.74, on dev eth1
Aug 17 10:45:00 monit kernel: [1544731.983471] ll header: ff:ff:ff:ff:ff:ff:a4:ba:db:fb:27:d5:08:06
Aug 17 10:45:00 monit kernel: [1544731.983600] martian source 192.168.19.168 from 192.168.19.74, on dev eth1
Aug 17 10:45:00 monit kernel: [1544731.983602] ll header: ff:ff:ff:ff:ff:ff:a4:ba:db:fb:27:d5:08:06
Aug 17 10:45:00 monit kernel: [1544731.983616] martian source 192.168.19.8 from 192.168.19.74, on dev eth1
Aug 17 10:45:00 monit kernel: [1544731.983618] ll header: ff:ff:ff:ff:ff:ff:a4:ba:db:fb:27:d5:08:06

Panowie twierdzą, że mam błędnie skonfigurowany firewall na iptables, a mi się wydaje że mają problem z wirusami biegającymi po sieci i tych wszystkich podsieciach.
Bardzo będę wdzięczny za pomoc i wyjaśnienie skąd to się bierze. Jeśli z iptables to co mogłem kopać ?

BiExi · 2012-08-17 15:50:25

Kod:

echo 1 > /proc/sys/net/ipv4/conf/eth0/rp_filter

redelek · 2012-08-21 20:34:50

niestety nadal to samo :(

ba10 · 2012-08-21 21:12:07

Kod:

echo 0 > /proc/sys/net/ipv4/conf/all/log_martians

Ostatnio edytowany przez ba10 (2012-08-21 21:12:33)

redelek · 2012-08-21 21:43:11

podziękował działa :)

Forum Debian Users Gang

Ogłoszenie

#1 2012-08-17 10:50:33

redelek - Członek DUG

Zablokowanie dziwnych wpisów w syslog

Kod:

#2 2012-08-17 15:50:25

BiExi - matka przelozona

Re: Zablokowanie dziwnych wpisów w syslog

Kod:

#3 2012-08-21 20:34:50

redelek - Członek DUG

Re: Zablokowanie dziwnych wpisów w syslog

#4 2012-08-21 21:12:07

ba10 - Członek DUG

Re: Zablokowanie dziwnych wpisów w syslog

Kod:

#5 2012-08-21 21:43:11

redelek - Członek DUG

Re: Zablokowanie dziwnych wpisów w syslog

Stopka forum