Hello all, What is martian source? I have created a simple firewall like below: iptables -A INPUT -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "Stealth Scan" iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP I have my LAN subnet, 1st ISP subnet and 2nd ISP subnet and I configure the routing table in order to let the different subnets can communicate with each other. Is it affect with my routing or not if I configure my firewall like this? $ nmap -sU -p 110 myservername Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ ) Port State Service 110/udp filtered pop-3 Nmap run completed -- 1 IP address (1 host up) scanned in 1 second How can I configure my firewall to display like the result above ( nmap -sU -p 110 myservername)? Thanks, Chan Choth
* Puth Chan Choth (choth@of.forum.org.kh) [030608 22:00]:
What is martian source?
From www.susesecurity.com/faq: What does "kernel: martian source aabbccdd for 11223344, dev eth0" mean?
These are packets that Linux does not expect from the direction they came from (i.e. packets from internal hosts coming in on the external interface). The cause is probably a misconfigured machine on your LAN. You can turn off logging those packets via /proc/sys/net/ipv4/conf/*interface*/log_martians which is documented in /usr/src/linux/Documentation/proc.txt -- -ckm
* Christopher Mahmood; <ckm@suse.com> on 09 Jun, 2003 wrote:
From www.susesecurity.com/faq: What does "kernel: martian source aabbccdd for 11223344, dev eth0" mean?
These are packets that Linux does not expect from the direction they came from (i.e. packets from internal hosts coming in on the external interface). The cause is probably a misconfigured machine
Also to figure out which machine is causing the problem this might help # use this to print out the IP of the hex address note 0x must stay perl -e 'use Socket; print inet_ntoa(pack('L',0x12c49cd4)), "\n"'; -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
participants (3)
-
Christopher Mahmood -
Puth Chan Choth -
Togan Muftuoglu