Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
Re: [suse-security] What means "martian source"?
  • From: Gideon Hallett <diogenes@xxxxxxxxxx>
  • Date: Mon, 30 Sep 2002 08:54:26 +0000
  • Message-id: <200209300854.26680.diogenes@xxxxxxxxxx>
On Monday 30 September 2002 07:27, Ingo Doerrie wrote:
> Hello!

> Only one system can reach the Internet that functions as
> standard-gateway for all other systems, running some
> Virus-Scanner on windows NT 4.x.
> Directly on its console internet works pretty fine but every
> packages sent to it from the LAN don't go through.
> The only message shown on the LX-gateway is: "KERNEL:... martian
> source ..." from the IP-adress pointing to the LAN from the virus
> scanner system.
> What does this martian source stuff mean and where does it come
> from?

Martians are packets that shouldn't exist. If, for example, you get
RFC1918 traffic coming in from the outside world, that's Martian
traffic (as most network admins configure routers to stop
private-network traffic escaping - external traffic goes through a
NAT gateway).

Since incoming Martians *could* also be hostile, it's usually a good
idea to block them; and firewalls tend to do so.

If you're getting Martian-blocks from LAN traffic to your gateway,
I'd have to wonder if you've got your internal and external
interfaces mixed up. If not, have you enabled IP masquerading (NAT)
on the firewall?

- because the gateway is seeing your LAN traffic either as
*external* traffic (and thus blocking it as Martian), or as
private-network traffic (and thus not forwarding it).

Hope this helps.

Gideon Hallett.

< Previous Next >