Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 09-11-2007, 12:50 PM   #1
Registered: Apr 2004
Location: Warrington, Cheshire, UK
Distribution: Linux Mint 19.1 Xfce
Posts: 555

Rep: Reputation: 33
martian source on boot up

I just noticed a martian source message on boot up:
eth0: Media Link Off
eth0: Media Link On 100mbps full-duplex
martian source from, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:12:17:c6:fc:98:08:00
martian source from, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:12:17:c6:fc:98:08:00
martian source from, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:12:17:c6:fc:98:08:00
martian source from, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:12:17:c6:fc:98:08:00
NET: Registered protocol family 10
lo: Disabled Privacy Extensions
eth0: no IPv6 routers present
This is a new one to me. I'm on a home desktop system running through a wireless router.
Is my system under attack?
Old 09-11-2007, 07:53 PM   #2
Senior Member
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
My understanding of "martian" packets were they were packets coming into an interface that is different than the interface the computer would use to send packets to that source address. For example if a packets comes in on eth0 with and source address of, but the routing table routes out eth1.

The address specified, is the general broadcast address. I am not sure why this is considered martian.

EDIT: I still don't know why these broadcast packets would be considered martian, but they could be coming from another computer on your network that is doing a DHCP request or from a MS Windows computer that just likes to broadcast some NETBIOS stuff.

Last edited by blackhole54; 09-11-2007 at 07:57 PM.
Old 09-12-2007, 06:07 AM   #3
Senior Member
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
Rfc 1812,
5.3.7 Martian Address Filtering

An IP source address is invalid if it is a special IP address, as
defined in or 5.3.7, or is not a unicast address.
Only unicast adresses are allowed for source address. is not a unicast address then it's considered invalid. Linux follows the standard.

Probably it's your wireless router that does strange things. What router is this?
Do you only have 1 ethernet adapter?

You can switch off these warnings with one of these:
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.lo.log_martians = 0
net.ipv4.conf.eth0.log_martians = 0
net.ipv4.conf.eth1.log_martians = 0
net.ipv4.conf.eth2.log_martians = 0
net.ipv4.conf.irda0.log_martians = 0

See your kernel documentation
Old 09-12-2007, 10:28 AM   #4
LQ Newbie
Registered: Sep 2007
Posts: 1

Rep: Reputation: 0
Use sysctl

You should probably use sysctl -w to set those log_martians values to make changes permanent.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
martian source serge_shp Linux - Networking 1 03-24-2007 07:04 AM
martian source from my own IP? yapp Linux - Security 4 03-30-2005 06:36 PM
martian source saavik Linux - Networking 0 07-02-2003 02:47 AM
what does martian source mean? saavik Linux - Security 4 06-04-2002 08:34 AM
Martian source! Why now? Jon- Linux - Networking 1 03-05-2002 06:14 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:39 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration