Displaying 20 results from an estimated 73 matches for "martian".
Did you mean:
marian
2002 Nov 15
1
Did I get hacked?? strange log info...
...d access.. but how is he connecting in the first
place.. And why isnt he being refused by my servers hosts.deny file...?
I have about 6 of these rogue logs with different connect names being used..
what can I do to clear this up??
Also on a side note, Any of you know what the deal is with the martian
messages my kernel is getting??
or how to stop them?? They appeared right after a connection attempt by
Gustavo.. I've attached a sample.. there are about 200-500 of them ::
Nov 14 04:40:00 server CROND[20451]: (root) CMD (
/usr/share/msec/promisc_check.sh)
Nov 14 04:40:14 server smbd[20...
2012 Jul 31
11
A lot of kernel martian source messages in /var/log/messages
Hi all:
I see a lot of the errors below in /var/log/messages on my firewall:
Aug 1 00:47:44 munin kernel: [109008.257109] martian source 192.168.1.5 from 127.0.0.1, on dev eth1
Aug 1 00:48:44 munin kernel: [109068.257384] martian source 192.168.1.5 from 127.0.0.1, on dev eth1
Aug 1 00:49:44 munin kernel: [109128.257509] martian source 192.168.1.5 from 127.0.0.1, on dev eth1
Aug 1 00:50:44 munin kernel: [109188.257788] mart...
2007 Feb 10
0
mutliple default routes, rp_filter and martians
I have a theory on the cause of a problem but it is still only a theory.
I wonder if anyone here can confirm.
I have a multi-isp configuration with a multi-path default route to each
ISP, equally weighted.
I am seeing, periodically, traffic dropped due to martian detection and
errors logged on inbound traffic, but at other times, that same exact
traffic will be allowed, no errors.
My supposition is this: If I use "ip route get <source_addr>" for the
source address that rp_filter is dropping traffic from I can see that
it''s reporti...
2004 Nov 26
5
Martian sources...
We are seeing the following in our logs:
Nov 25 16:21:41 fw kernel: martian source 139.142.66.253 from
10.0.0.199, on dev eth0
Nov 25 16:21:41 fw kernel: ll header:
00:a0:c9:60:0e:b2:00:02:7e:21:0e:dc:08:00
00:a0:c9:60:0e:b2 is the mac of our firewall interface on IP
139.142.66.253.
00:02:7e:21:0e:dc is the mac of our Cisco router on IP 10.0.0.1
10.0.0.199 is a Cisc...
2004 Feb 26
4
Help! Martians invading through IPSec. :-)
...ppreciated.
If I connect via IPSec from a machine behind a router on the remote
end, all is fine:
192.168.42.242/32 == 12.221.192.13 -- 208.10.57.129 == 192.168.168.0/24
However, if I connect from a direct endpoint on the net like this:
12.221.194.89 -- 208.10.57.129 == 192.168.168.0/24
I get martian errors:
Feb 25 20:09:04 fw kernel: martian source 208.10.57.129 from
12.221.194.89, on dev eth0
I''m most perplexed as to where to look...
interfaces:
rw ipsec+
zones:
rw RoadWarriors Road Warriors
policy:
rw rw ACCEPT
rw loc ACCEPT
loc rw ACCE...
2014 Sep 17
2
lost packets - Bond
...0
Permanent HW addr: 2c:59:e5:3c:71:6c
Slave queue ID: 0
[root at xxxxx ~]# cat /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
IPADDR=10.104.x.x
NETMASK=255.255.255.0
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
BONDING_OPTS="mode=1 miimon=1000"
In /var/log/messages I have a lot martian source ....
[root at xxxxx ~]# tail -f /var/log/messages
Sep 17 13:26:38 xxxxx kernel: IPv4: martian source 10.104.172.0 from 0.0.0.0, on dev
bond0
Sep 17 13:26:38 xxxxx kernel: ll header: 00000000: ff ff ff ff ff ff 00 00 00 00 5b
00 08 00 ..........[...
Sep 17 13:26:39 xxxxx kernel: I...
2010 Nov 25
13
VLAN martians
I''m playing around with VLAN''s and I have a VLAN capable (layer 2) smart
switch. I see a steady stream of martians in the logfile if I have the
routefilter option set on the loc zone interfaces in
/etc/shorewall/interfaces. I have two interfaces in the loc zone, eth1
and vlan2 respectively. vlan2 is an 802.1q trunk going towards the switch.
Is this the expected behavior in this configuration? I just want t...
2012 May 16
1
ARP requests are interpreted as a martian
...t subnets, the next two are two different ISP''s and the last one
is a private network for testing and administration. The second internal
subnet (eth1) is rejecting all the arp requests to it and I get the
following in the log files ever second or two -
May 16 05:28:54 services kernel: martian source 172.28.130.6 from
172.28.130.1, on dev eth1
May 16 05:28:54 services kernel: ll header:
ff:ff:ff:ff:ff:ff:00:a0:c8:83:d3:c8:08:06
172.28.130.1 is the router and 172.28.130.6 is eth1. Because of this the
router is having issues getting traffic to it. Also this is a VPN
gateway with ipsec...
2007 Feb 09
26
transient "martian source ..." errors
...oute_rules as suggested by Tom and
Jerry suggested.
Lately I have been seeing "transient" (I say transient because the
problem will persist for a while and then magically clear itself up some
number of minutes later) situations where my gateway will log:
Feb 9 17:23:45 gw.ilinx kernel: martian source 66.11.173.224 from 64.86.88.116, on dev eth1
Feb 9 17:23:45 gw.ilinx kernel: ll header: 00:a0:24:2a:1f:72:00:13:5f:07:97:05:08:00
but I''m not quite sure how to read these and/or what would be causing
them.
Concerning the packet that the message is describing I can assert that
e...
2008 Feb 25
7
kernel: martian
...S2: ABC.DEF.254.101 ABC.DEF.254.101 ABC.DEF.254.101
NS3: ABD.XYZ.254.100 ABD.XYZ.254.100 ABD.XYZ.254.100
/etc/shorewall/zones
fw firewall
net ipv4
loc ipv4
serv ipv4
/etc/shorewall/interfaces
net eth0 detect proxyarp,tcpflags,routefilter,nosmurfs,logmartians,norfc1918
serv eth1 detect dhcp
loc eth2 detect dhcp,tcpflags,nosmurfs,blacklist
(no masq file, no proxyarp file)
This is also the setup for a firewall for the same local network
(Shorewall 1.0.3) which works for several years. I just want to replace
the older PC with a newer one ...
I hav...
2008 Feb 29
5
shorewall-perl not handling "logmartians" correctly
I''ve set up a simple 2-interface Linux router using shorewall-perl 4.0.8
(and upgraded to 4.0.9). Everything works flawlessly. One small
exception I have noticed (since I''m a new shorewall user I
assume this is probably an error on my part).
1. Problem:
With no "logmartians" entries in /etc/shorewall/interfaces,
shorewall-perl sets /proc/sys/net/ipv4/conf/*/log_martians to "0".
2. Expected behavior:
For any interface entry in /etc/shorewall/interfaces for which the
"logmartians" option is not present, shorewall-perl should take no
action, le...
2010 Feb 16
3
isusable/swping script
...301
192.168.0.1 track,balance eth0,eth1,eth0.*
freeold 2048 2048 main eth2.302
88.162.207.254 track,balance eth0,eth1,eth0.*
****
****
Log :
*eth2.303 is Down!*
Restarting Shorewall....
Initializing...
Setting up Route Filtering...
Setting up Martian Logging...
Adding Providers...
Setting up Traffic Control...
Preparing iptables-restore input...
Running /sbin/iptables-restore...
IPv4 Forwarding Enabled
done.
....
....
172.20.8.0/24 dev eth0.9 proto kernel scope link src 172.20.8.254
default
nexthop via 88.162.205.254 dev eth2.303 we...
2013 Nov 21
14
openvpn restart fails with dual entry in conntrack and wrong sourceport
the establishment of an openvpn link sometimes fails.
I tracked it down to network traffic with wrong Sourceport in the answer
packet (should be 1300 not 1024):
2 1.119309000 aaa.185.165 bbb.162.192 UDP 58 Source port: 1300
Destination port: 1300
3 1.119446000 bbb.162.192 aaa.185.165 UDP 66 Source port: 1024
Destination port: 1300
and a collateral entry in the connection tracking table
2005 Dec 02
3
Trouble redirecting traffic on transparent bridge.
...IP 172.16.110.139.1782 > 216.193.202.92.80: S 1919280507:1919280507(0) win 65535 <mss 1460,nop,nop,sackOK>
15:09:24.427183 IP 172.16.110.139.1782 > 216.193.202.92.80: S 1919280507:1919280507(0) win 65535 <mss 1460,nop,nop,sackOK>
But the kernel sees the traffic as "martian" and disards them:
Dec 1 15:09:45 xxxxxxxx last message repeated 9 times
Dec 1 15:11:37 xxxxxxxx kernel: martian destination 127.0.0.1 from 172.16.110.139, dev br0
Dec 1 15:11:46 xxxxxxxx last message repeated 2 times
Ok, that isn''t what I want to see... so I tried...
2004 Oct 14
0
Shorewall 2.1.11
...dds the following
features:
1) The default Drop and Reject actions now invoke the new standard
action ''AllowICMPs''. This new action accepts critical ICMP types:
Type 3 code 4 (fragmentation needed)
Type 11 (TTL exceeded)
2) Explicit control over the kernel''s Martian logging is now provided
using the new ''logmartians'' interface option. If you include
''logmartians'' in the interface option list then logging of Martian
packets on will be enabled on the specified interface.
If you wish to globally enable martian loggi...
2013 Nov 08
0
(no subject)
i am reaving lots of martian broadcats
Nov 8 15:37:57 firewall kernel: [ 895.708393] martian source 192.168.0.3
from 192.168.0.1, on dev eth0
Nov 8 15:37:57 firewall kernel: [ 895.708399] ll header:
ff:ff:ff:ff:ff:ff:90:f6:52:3f:65:c0:08:00
Nov 8 15:37:59 firewall kernel: [ 897.711647] martian source 192.168.0.3
from 19...
2013 Jun 14
0
[Bug 745] [addrtype]addrtype can't match src-type BROADCAST packets
...|netfilter at linuxace.com
Resolution| |INVALID
--- Comment #1 from Phil Oester <netfilter at linuxace.com> 2013-06-14 17:01:31 CEST ---
These packets will never make it to netfilter, because they will be dropped by
the network core as a martian source. If you enable logging of martian packets
(via /proc/sys/net/ipv4/conf/*/log_martians), you will see an entry in your
syslog similar to this:
localhost kernel: [19202.736982] IPv4: martian source 192.168.19.150 from
192.168.19.255, on dev p3p1
As such, this is not a netfilter bug - it is...
2008 May 29
1
shorewall & ipsec rules with "FORWARD:DROP" packets
.....
inet Zone: eth0:0.0.0.0/0
pflan Zone: eth1:0.0.0.0/0
baja Zone: ipsec+:192.168.90.0/24
bcvpn Zone: ipsec+:192.168.0.0/24
Deleting user chains...
Compiling /etc/shorewall/routestopped ...
Creating Interface Chains...
Compiling Common Rules
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling IP Forwarding...
Compiling /etc/shorewall/rules...
Compiling /etc/shorewall/tunnels...
Compiling Actions...
Compiling /usr/share/shorewall/action.Drop for Chain Drop...
Compiling /usr/share/shorewall/action.Reject for Chain Reject...
Compiling /etc/shorewall/policy...
Compiling...
2010 Sep 07
3
Lost Connection 15~20 Minutes after starting Shorewall - Shorewall really culprit?
Hi,
I have recently installed shorewall with a very simple rules configuration,
----------------------------------
#SECTION RELATED
SECTION NEW
Ping/ACCEPT all $FW
Trcrt/ACCEPT all $FW
SSH/ACCEPT all $FW
ACCEPT net $FW tcp http
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
-----------------------------------------
and I have no
2018 Jun 26
3
Semi-OT: ipmitool or ipmicfg: set BMC to use NIC 2
The man page isn't helping, nor have I been able to find examples that work.
For example, the man page claims I can do ipmitool lan get active, and I
try, and it says, "invaling lan command, get".
Do I set the MAC address for the lan to NIC 2? Anyone have a clue - I do
*not* want martians on the real network.
mark