  1. #1

    Martian Source messages?

    I was curious to see if anybody has had experience with this type of message:

    Oct 15 04:22:40 host kernel: martian source **.***.**.34(eth0) from **.***.**.38(static gateway), on dev eth1
    Oct 15 04:22:40 host kernel: ll header: ff:ff:ff:ff:ff:ff:00:0f:cc:18:45:c0:08:06

    NOTE: I've added (eth0) and (static gateway)
    I also get the same messages on eth1 as well.

    The server has eth0 and eth1 as static WAN IPs connected to a router which is configured for IP passthrough. The static IP of the gateway is the *.38, the broadcast is a *.39 and the subnet is a *.248

    These martian source messages come up frequently and I'm curious as to whether anybody is familiar with these messages or possibly bad configuration.

    Thank you for reading.

  2. #2
    Packets impossible to route are logged as Martian (from private IP address range) ... These messages are not really harmful, but may contain information to identify unwanted traffic to your server.

  3. #3
    So by saying that the packets are coming from *.38, which is the gateway to the NICs on the server, it is saying that the packets are stemming from the gateway, or is that stating the packets are coming THROUGH the gateway to the NICs and they are possibly corrupt packets?

    How would I go about getting info from this message to find out the root of the problem?

    Do you think it could possibly be a misconfigured gateway? An attempted SYN flood?
    The firewall APF that I have running isn't leaving much of anything in its logs relating to these messages, nor is there anything in the logs on the gateway relating to these events.
    Would there be any other logs that I might want to check for some more info regarding these events?

    Thank you for the response
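
On the question of how to get information out of these messages, here is an added example (not part of the original thread): a short Python parser that pairs each martian line with its `ll header` dump and decodes the link-layer header. It assumes Ethernet framing (6-byte destination MAC, 6-byte source MAC, 2-byte EtherType); the 192.0.2.x addresses are constructed placeholders for the masked ones in the post, and the function names are hypothetical.

```python
import re

# EtherType values commonly seen in martian "ll header" dumps.
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x8100: "802.1Q VLAN", 0x86DD: "IPv6"}

# The kernel prints the packet's destination address first, then its source.
MARTIAN_RE = re.compile(r"martian source (?P<dst>\S+) from (?P<src>\S+), on dev (?P<dev>\S+)")
LL_RE = re.compile(r"ll header: (?P<hex>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2})+)")

def decode_ll_header(hexstr):
    """Split a 14-byte Ethernet header into dst MAC, src MAC and EtherType."""
    octets = hexstr.lower().split(":")
    if len(octets) < 14:
        raise ValueError("expected at least 14 octets of Ethernet header")
    ethertype = int(octets[12] + octets[13], 16)
    dst_mac = ":".join(octets[0:6])
    return {
        "dst_mac": dst_mac,
        "src_mac": ":".join(octets[6:12]),
        "ethertype": ETHERTYPES.get(ethertype, hex(ethertype)),
        "broadcast": dst_mac == "ff:ff:ff:ff:ff:ff",
    }

def parse_martians(lines):
    """Pair each 'martian source' line with the 'll header' line that follows it."""
    events, pending = [], None
    for line in lines:
        m = MARTIAN_RE.search(line)
        if m:
            pending = m.groupdict()
            events.append(pending)
            continue
        h = LL_RE.search(line)
        if h and pending is not None:
            pending.update(decode_ll_header(h.group("hex")))
            pending = None
    return events

# Constructed sample: 192.0.2.x stands in for the masked addresses in the post;
# the ll header bytes are the ones quoted in the thread.
SAMPLE = [
    "Oct 15 04:22:40 host kernel: martian source 192.0.2.34 from 192.0.2.38, on dev eth1",
    "Oct 15 04:22:40 host kernel: ll header: ff:ff:ff:ff:ff:ff:00:0f:cc:18:45:c0:08:06",
]

if __name__ == "__main__":
    for event in parse_martians(SAMPLE):
        print(event)
```

For the header quoted in the thread, the decode reports a broadcast frame with EtherType ARP sent from MAC 00:0f:cc:18:45:c0, which can be compared against the gateway's own MAC address.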
