Very Computer

by **Rob van der Putte** » Fri, 25 Mar 2011 03:09:29

Hi there

A bit from the syslog (UTC + 1);
Mar 23 06:04:27 sput kernel: [245625.292575] IN=xs6all OUT=
MAC=20:00:40:2f:ae:8f:0a:00:00:96:ff:03:00:21:45:00:00:5c:00:00:40:00:3e:29:c3:ba:c2:6d:05:f1:50:65:5f:fb:60:00:00:00:00:20:06:74:20:02:18:e6:b8:dc:00:00:00:00:00:00:18:e6:b8:dc:20:01:08:88:15:33:00:01:00:00:00:00:00:00:00:01:cb:ec:1f:90:fd:63:87:3b:00:00:00:00:80:c2:20:00:dd:de:00:00:02:04:04:c4:01:03:03:08:01:01:04:02:ef:67:31:20:30:35:3a:30:33:3a:32:35:20:47:4d:54:0d:0a:53:65:72:76:65:72:3a:20:41:70:61:63:68:65:2f:32:2e:32:2e:31:36:20:28:44
TUNNEL=194.109.5.241->80.101.95.251
SRC=2002:18e6:b8dc:0000:0000:0000:18e6:b8dc
DST=2001:0888:1533:0001:0000:0000:0000:0001 LEN=72 TC=0 HOPLIMIT=116
FLOWLBL=0 PROTO=TCP SPT=52204 DPT=8080 WINDOW=8192 RES=0x00 CWR ECE SYN
URGP=0
Mar 23 06:04:30 sput kernel: [245628.308577] IN=xs6all OUT=
MAC=00:00:eb:01:00:00:7e:ff:7d:23:ff:03:00:21:45:00:00:5c:00:00:40:00:3e:29:c3:ba:c2:6d:05:f1:50:65:5f:fb:60:00:00:00:00:20:06:74:20:02:18:e6:b8:dc:00:00:00:00:00:00:18:e6:b8:dc:20:01:08:88:15:33:00:01:00:00:00:00:00:00:00:01:cb:ec:1f:90:fd:63:87:3b:00:00:00:00:80:c2:20:00:dd:de:00:00:02:04:04:c4:01:03:03:08:01:01:04:02:ef:67:62:2f:6b:69:74:65:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:41:63:63:65:70:74:3a:20:74:65:78:74:2f:68:74:6d:6c:2c:74:65:78:74
TUNNEL=194.109.5.241->80.101.95.251
SRC=2002:18e6:b8dc:0000:0000:0000:18e6:b8dc
DST=2001:0888:1533:0001:0000:0000:0000:0001 LEN=72 TC=0 HOPLIMIT=116
FLOWLBL=0 PROTO=TCP SPT=52204 DPT=8080 WINDOW=8192 RES=0x00 CWR ECE SYN
URGP=0
Mar 23 06:04:36 sput kernel: [245634.328566] IN=xs6all OUT=
MAC=00:00:8f:01:00:00:7e:ff:7d:23:ff:03:00:21:45:00:00:58:00:00:40:00:3e:29:c3:be:c2:6d:05:f1:50:65:5f:fb:60:00:00:00:00:1c:06:74:20:02:18:e6:b8:dc:00:00:00:00:00:00:18:e6:b8:dc:20:01:08:88:15:33:00:01:00:00:00:00:00:00:00:01:cb:ec:1f:90:fd:63:87:3b:00:00:00:00:70:02:20:00:f2:ad:00:00:02:04:04:c4:01:01:04:02:91:bf:5e:64:08:88:15:33:00:01:00:00:00:00:00:00:00:01:00:7b:00:7b:00:38:c6:4f:23:01:06:ed:00:00:00:00:00:00:00:41:50:50:53:00:d1:33:fd:1e
TUNNEL=194.109.5.241->80.101.95.251
SRC=2002:18e6:b8dc:0000:0000:0000:18e6:b8dc
DST=2001:0888:1533:0001:0000:0000:0000:0001 LEN=68 TC=0 HOPLIMIT=116
FLOWLBL=0 PROTO=TCP SPT=52204 DPT=8080 WINDOW=8192 RES=0x00 SYN URGP=0

Those 'MAC=' strings are rather weird. There are even bits of ascii in
there (converting :XX to an ascii value);

05:03:25 GMT
Server: Apache/2.2.16

/kite/ HTTP/1.1
Accept: text/html,text

'xs6all' is a v4tunnel interface. Which doesn't have a mac address.

Any idea what is going on?

Regards,
Rob

Very Computer

Weird ip6tables mac= logging

Weird ip6tables mac= logging