LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 09-11-2007, 12:50 PM   #1
mikieboy
Member
 
Registered: Apr 2004
Location: Warrington, Cheshire, UK
Distribution: Linux Mint 12 LXDE
Posts: 555

Rep: Reputation: 33
martian source on boot up


I just noticed a martian source message on boot up:
Quote:
eth0: Media Link Off
eth0: Media Link On 100mbps full-duplex
martian source 255.255.255.255 from 192.168.1.1, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:12:17:c6:fc:98:08:00
martian source 255.255.255.255 from 192.168.1.1, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:12:17:c6:fc:98:08:00
martian source 255.255.255.255 from 192.168.1.1, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:12:17:c6:fc:98:08:00
martian source 255.255.255.255 from 192.168.1.1, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:12:17:c6:fc:98:08:00
NET: Registered protocol family 10
lo: Disabled Privacy Extensions
eth0: no IPv6 routers present
This is a new one to me. I'm on a home desktop system running through a wireless router.
Is my system under attack?
 
Old 09-11-2007, 07:53 PM   #2
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
My understanding of "martian" packets were they were packets coming into an interface that is different than the interface the computer would use to send packets to that source address. For example if a packets comes in on eth0 with and source address of 192.168.5.123, but the routing table routes 192.168.5.0/24 out eth1.

The address specified, 255.255.255.255 is the general broadcast address. I am not sure why this is considered martian.

EDIT: I still don't know why these broadcast packets would be considered martian, but they could be coming from another computer on your network that is doing a DHCP request or from a MS Windows computer that just likes to broadcast some NETBIOS stuff.

Last edited by blackhole54; 09-11-2007 at 07:57 PM.
 
Old 09-12-2007, 06:07 AM   #3
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 52
Rfc 1812,
Quote:
5.3.7 Martian Address Filtering

An IP source address is invalid if it is a special IP address, as
defined in 4.2.2.11 or 5.3.7, or is not a unicast address.
Only unicast adresses are allowed for source address. 255.255.255.255 is not a unicast address then it's considered invalid. Linux follows the standard.

Probably it's your wireless router that does strange things. What router is this?
Do you only have 1 ethernet adapter?

You can switch off these warnings with one of these:
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.lo.log_martians = 0
net.ipv4.conf.eth0.log_martians = 0
net.ipv4.conf.eth1.log_martians = 0
net.ipv4.conf.eth2.log_martians = 0
net.ipv4.conf.irda0.log_martians = 0

See your kernel documentation
 
Old 09-12-2007, 10:28 AM   #4
zaubermaus
LQ Newbie
 
Registered: Sep 2007
Posts: 1

Rep: Reputation: 0
Use sysctl

You should probably use sysctl -w to set those log_martians values to make changes permanent.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
martian source serge_shp Linux - Networking 1 03-24-2007 07:04 AM
martian source from my own IP? yapp Linux - Security 4 03-30-2005 06:36 PM
martian source saavik Linux - Networking 0 07-02-2003 02:47 AM
what does martian source mean? saavik Linux - Security 4 06-04-2002 08:34 AM
Martian source! Why now? Jon- Linux - Networking 1 03-05-2002 06:14 PM


All times are GMT -5. The time now is 04:53 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration