Newbie problem

[Radek]

Hello,

I'm totally new in dedicated server managing and Directadmin.

My server were running OK, but yesterday was inaccessible all day. After I login I see in logs these lines-

Jan 22 14:47:48 localhost kernel: martian source 82.103.130.28 from 194.65.100.179, on dev eth0
Jan 22 14:47:48 localhost kernel: ll header: 00:01:29:ff:fb:1c:00:04:23:9e:f2:3b:08:00
Jan 22 14:47:53 localhost kernel: NET: 833 messages suppressed.
Jan 22 14:47:53 localhost kernel: martian source 82.103.128.48 from 195.214.255.14, on dev eth0
Jan 22 14:47:53 localhost kernel: ll header: 00:01:29:ff:fb:1c:00:04:23:9e:f2:3b:08:00
Jan 22 14:47:58 localhost kernel: NET: 855 messages suppressed.
Jan 22 14:47:58 localhost kernel: martian source 82.103.130.28 from 62.252.32.12, on dev eth0
Jan 22 14:47:58 localhost kernel: ll header: 00:01:29:ff:fb:1c:00:04:23:9e:f2:3b:08:00
Jan 22 14:48:03 localhost kernel: NET: 768 messages suppressed.
Jan 22 14:48:03 localhost kernel: martian source 82.103.128.48 from 195.175.37.100, on dev eth0
Jan 22 14:48:03 localhost kernel: ll header: 00:01:29:ff:fb:1c:00:04:23:9e:f2:3b:08:00
Jan 22 14:48:08 localhost kernel: NET: 749 messages suppressed.
Jan 22 14:48:08 localhost kernel: martian source 82.103.130.28 from 195.175.37.9, on dev eth0
Jan 22 14:48:08 localhost kernel: ll header: 00:01:29:ff:fb:1c:00:04:23:9e:f2:3b:08:00
Jan 22 14:48:13 localhost kernel: NET: 756 messages suppressed.
Jan 22 14:48:13 localhost kernel: martian source 82.103.128.48 from 62.253.64.12, on dev eth0
Jan 22 14:48:13 localhost kernel: ll header: 00:01:29:ff:fb:1c:00:04:23:9e:f2:3b:08:00
Jan 22 14:48:18 localhost kernel: NET: 680 messages suppressed.
Jan 22 14:48:18 localhost kernel: martian source 82.103.128.48 from 216.255.186.154, on dev eth0
Jan 22 14:48:18 localhost kernel: ll header: 00:01:29:ff:fb:1c:00:04:23:9e:f2:3b:08:00
Jan 22 14:48:23 localhost kernel: NET: 732 messages suppressed.
Jan 22 14:48:23 localhost kernel: martian source 82.103.130.28 from 212.17.199.169, on dev eth0
Jan 22 14:48:23 localhost kernel: ll header: 00:01:29:ff:fb:1c:00:04:23:9e:f2:3b:08:00
Jan 22 14:48:28 localhost kernel: NET: 739 messages suppressed.
Jan 22 14:48:28 localhost kernel: martian source 82.103.128.48 from 193.19.192.2, on dev eth0
Jan 22 14:48:28 localhost kernel: ll header: 00:01:29:ff:fb:1c:00:04:23:9e:f2:3b:08:00
Jan 22 14:48:33 localhost kernel: NET: 771 messages suppressed.
Jan 22 14:48:33 localhost kernel: martian source 82.103.130.28 from 194.204.152.31, on dev eth0
Jan 22 14:48:33 localhost kernel: ll header: 00:01:29:ff:fb:1c:00:04:23:9e:f2:3b:08:00
Jan 22 14:48:38 localhost kernel: NET: 780 messages suppressed.
Jan 22 14:48:38 localhost kernel: martian source 82.103.128.48 from 193.19.192.2, on dev eth0
Jan 22 14:48:38 localhost kernel: ll header: 00:01:29:ff:fb:1c:00:04:23:9e:f2:3b:08:00
Jan 22 14:48:43 localhost kernel: NET: 742 messages suppressed.
Jan 22 14:48:43 localhost kernel: martian source 82.103.128.48 from 194.129.65.122, on dev eth0
Jan 22 14:48:43 localhost kernel: ll header: 00:01:29:ff:fb:1c:00:04:23:9e:f2:3b:08:00
Jan 22 14:48:48 localhost kernel: NET: 826 messages suppressed.

etc...


So server was running, but probably OS had gone into a endless loop or something.

Now everything seems to be OK again.
Can you please help me with that.

Thank you

 

[nobaloney]

Have you googled martian source?

Jeff

 

[Radek]

Have you googled martian source?

Jeff

I did, but what is strange all IP's are regular IP (82.103.130.28) used by server.

I got response from spupport of my hosting:



"We have had a look at your server.

The server (hardware) was running but your OS had gone into a endless loop
reporting:

---QUOTE--
NET:853 Messages suppressed.
martian Source 82.103.128.48 from 213.191.128.9 on eth0
11 headers: 00:01:29:ff:fb:1c:00:04:23:9e:f2:3b:08:00
--UNQUOTE--

Please have a look at your server logs to find the cause of the problem."



Any idea what is wrong?
Can be problem with router? Virus? Wrong DirectAdmin instalation?

 

[Radek]

No advice?

please

 

[nobaloney]

Generally when no one answers it's because no one knows.

Perhaps it's caused by spoofed packets from a compromised system elsewhere on the same network.

If so you may be able to resolve the issue if your provider can give you it's own subnet.

My suggestion is to find someone on a networking forum.

Jeff