I found a number of messages in SuSE 10's /var/log/warn similar to:
Code:
Mar 16 04:25:16 linux kernel: martian source <my ip addr> from 225.230.230.234, on dev eth0
Mar 16 04:25:16 linux kernel: ll header: 00:50:fc:fa:8c:1b:00:11:bc:a8:94:54:08:00
The dates and times vary, but the "from" IP is always the same. I can't, however, find this address listed in the firewall log.
This IP address appears in a post on
another forum, associated with an AD-Aware warning of a possible browser hijack.
Rob.