Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: kernel: martian source

from [Peter Hunt] Network Security [Permanent Link]
Subject: Re: kernel: martian source
Date: Thu, 26 May 2005 02:06:22 -0600 
Ben wrote:

Hi

I have messages like the following line in my log file, what can I do about it?

kernel: martian source [server IP] from 68.50.206.106, on dev eth0

This happens after the IP 68.50.206.106 has been dropped by PortSentry.

I have Swatch, PortSentry, Snort and GIPTables running on my CentOS 4.0 server.

I contacted my ISP and they told me that I should be worried. I
googled these keywords but did not find any information that I could
use to fix this.

Should I be worried?

The martian source message usually indicates the interface knows nothing about the packets source host/network and that particular packet should not be appearing on the interface. This is usually routing misconfiguration, but occasionally something more unusual. If you have the ethernet address of the source in your log you could possibly use that to try and work out what is sending the packet, otherwise some ethereal / tcpdump output of the problem packet may be helpful to diagnose whats happening.

--
Peter Hunt
Engineering, USA
Opengear Inc - Secure Server Management - www.opengear.com

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: kernel: martian source, Mihai Amarandei
Next by Date:  RE: ISA 2004 - professional opinion, Hesperia DOS-IT Security
Previous by Thread:  Re: kernel: martian source, Mihai Amarandei
Next by Thread:  ISA 2004 - professional opinion, secdata
Indexes:  [Date] [Thread] [Top] [All Lists]