The martians have landed!

The martians have landed!

Post by Graham Vincen » Sat, 03 Aug 2002 12:14:31



Hello.

I have been connecting my laptop to my home network through a switch on
eth0. Works well and picks up an IP address from dhcpd. Recently I added
a second ethernet card (eth1) to my linux 2.2.21 box and started to plug
in the laptop through that (crossover cable). It was working last week
but today the logs are calling it a martian and refusing me access to
the network drives.

Snippet from /var/log/messages:

Aug  2 13:36:33 stargate kernel: martian source c800040a for c800040a,
 dev eth1
Aug  2 13:36:33 stargate kernel: ll header: ff ff ff ff ff ff 00 02 a5
 9a d2 15 08 06
Aug  2 13:36:34 stargate kernel: martian source c800040a for c800040a,
 dev eth1
Aug  2 13:36:34 stargate kernel: ll header: ff ff ff ff ff ff 00 02 a5
 9a d2 15 08 06
Aug  2 13:36:35 stargate kernel: martian source c800040a for c800040a,
 dev eth1
Aug  2 13:36:35 stargate kernel: ll header: ff ff ff ff ff ff 00 02 a5
 9a d2 15 08 06
Aug  2 13:37:00 stargate kernel: martian source c800040a for ffff050a,
 dev eth1
Aug  2 13:37:00 stargate kernel: ll header: ff ff ff ff ff ff 00 02 a5
 9a d2 15 08 00

I have the following at the beginning of my ipchains script to catch
spoofing, etc."

# Hang on long enough to get ppp0 up..
echo 1 > /proc/sys/net/ipv4/ip_dynaddr

# Enable IP Forwarding, if it isn't already
echo 1 > /proc/sys/net/ipv4/ip_forward

# Enable TCP SYN Cookie Protection
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

# Enable always defragging Protection
echo 1 > /proc/sys/net/ipv4/ip_always_defrag

# Enable broadcast echo  Protection
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# Enable bad error message  Protection
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

# Enable IP spoofing protection
# turn on Source Address Verification
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 1 > $f
done

# Disable ICMP Redirect Acceptance
for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do
    echo 0 > $f
done

# Disable Source Routed Packets
for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
    echo 0 > $f
done

# Log Spoofed Packets, Source Routed Packets, Redirect Packets
for f in /proc/sys/net/ipv4/conf/*/log_martians; do
    echo 1 > $f
done

What do I have to do to persuade the box that the laptop is OK connecting
on eth1 or eth0?

Thanks,

Graham

 
 
 

The martians have landed!

Post by mjt » Mon, 05 Aug 2002 05:40:03


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message


> I have been connecting my laptop to my home network through a switch on
> eth0. Works well and picks up an IP address from dhcpd. Recently I added
> a second ethernet card (eth1) to my linux 2.2.21 box and started to plug
> in the laptop through that (crossover cable). It was working last week
> but today the logs are calling it a martian and refusing me access to
> the network drives.

> Snippet from /var/log/messages:
> Aug  2 13:36:33 stargate kernel: martian source c800040a for c800040a,

start with:  /usr/src/linux/Documentation/networking/ip-sysctl.txt

IMSMC, it means it is logging packets that have un-routable
source addresses.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Michael J. Tobler: motorcyclist, surfer,  #    Black holes result
 skydiver, and author: "Inside Linux",     #   when God divides the  
 "C++ HowTo", "C++ Unleashed"              #     universe by zero

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9TD5ctTveLPAHcDIRAq1pAJ9tD04u17aerNuChz9yGdUo0IVtwACePbzM
JYZoN6+t4ayp17R/d1ciMho=
=zcTu
-----END PGP SIGNATURE-----

 
 
 

1. Martian 11 Headers

Hi,

I'm having some problems with my Internet configuration. I keep getting
Martian 11 Headers, when I receive a packet from my ISP's DHCP server. This
is very odd, because I didn't tamper with any configuration file, or the
kernel for that matter, but it suddenly occurred. Because it blocks my ISP,
Internet doesn't work.

Now I found the following about martian 11 headers:

What does "kernel: martian source aabbccdd for 11223344, dev eth0" mean?
These are packets that Linux does not expect from the direction they came
from (i.e. packets from internal hosts coming in on the external interface).
The cause is probably a misconfigured machine on your LAN. You can turn off
logging those packets via
/proc/sys/net/ipv4/conf/*interface*/log_martians
which is documented in /usr/src/linux/Documentation/proc.txt

Again, it worked flawlessly till this morning. As a firewall I use
firestarter 0.8.2,
which has never caused any problems before, and when it blocks something,
you don't
get a message about an 11 header. So I don't think firestarter is the cause.
I just wonder. It's just a stupid thought maybe, but today here in Holland
we adjusted our clocks
for daylight savingstime last night. Could this have something to do with
it?

Is there somebody with similar problems or someone else, who can help me
out.

thanx

Daniel

2. NDC Sohoware PNP adapter (NE2000 Compatible) problem

3. martian packet notifications from the kernel?

4. need I say more? Solaris 9 offers the same quality package management that you have grown to expect

5. martians probs

6. Creating new user

7. Martians?

8. NFS with RH7.0

9. Martian source

10. Houston, The mouse has landed...

11. VPN through NAT gateway fails (martian packets)

12. newB logging martians

13. Cyber Citizen lands Felony Charges?