As I understand, these martian sources appear when a network address that doesn't belong to the subnet on any of your interfaces, starts broadcasting it's packets around. For example if you have the following interfaces:
eth0: 10.0.0.1 255.255.255.0 ppp0: public_ip 255.255.255.255 lo: 127.0.0.1 255.255.255.0
and you hook up a PC, or in your case a printer with address: 192.168.0.9 to your eth0 subnet. If any sort of packets are broadcast from this PC/printer you'll get "martians" in your logfiles, since 192.168.0.9 doesn't belong to the 10.0.0.1 subnet. It doesn't matter that practically the 192.168.0.9 address isn't reachable, any packets it puts out on the network cause "martians".
To get rid of it and still be able to reach your printer, create a virtual interface eth0:0 with subnet 192.168.0.0/24 (this will create an automatic route for you) and you should be able to get rid of "martians" and reach your printer.
That is one case that I've found when "martians" appear, there may be other conditions, in the worst case "rgrep -r -i martian /usr/src/linux" :)
Regards, Sadin
At 05:10 05/07/2003, you wrote:
Hi I've been watching this thread, had the same problem on and internal interface. If the interface eth0 is your external , ie connected to the internet ,
why not configure iptables to drop traffic from this print server, but
allow replies to your print requests.
As you have the MAC address of the print server, allow established
packets , but not new, or if its an ipp broadcast just drop the
broadcasts.
If you using shorewall check the documentation.
Just an idea
HTH
Richard
On Fri, 2003-07-04 at 03:00, Greg Meyer wrote:
> I am still having trouble with martians. If you recall, I have a samll
> Netgear print server on my HP Laserjet 1100 that is sending out martians
> every minute. I tried Mark Watts suggestion to make an entry in my
> level.local file, but the messages about martians are still showing up in my
> /var/log/messages
>
> Here is the snippit from the post I am referring to.
>
> [Me]
> > Now to figure out how to either get my machine to ignore them, or get the
> > print server to stop sending them.
>
> [Mark]
> echo "enable_log_strange_packets(no)" >> /etc/security/msec/level.local &&
> /etc/cron.hourly/msec
>
>
> Here is the contents of my level.local
>
> $ cat /etc/security/msec/level.local
> enable_log_strange_packets(no)
>
> Here is an example of the log entry Iam getting.
>
> kernel: martian source 192.168.0.9 from 192.168.0.0, on dev eth0
> kernel: ll header: 00:50:2c:05:79:b1:00:c0:02:d7:89:03:08:00
>
> Does anybody know how to prevent these martians from being logged?
--
Richard Bown <[EMAIL PROTECTED]>
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
