Martian Source

Hi,

I’ve googled this subject till my eyes are blur but I can’t seem to find a solution so far. Basically I get (A LOT!!!) messages of the form:

Nov 26 15:07:07 bunyip kernel: martian source 192.168.19.255 from 192.168.19.1, on dev eth0
Nov 26 15:07:07 bunyip kernel: ll header: ff:ff:ff:ff:ff:ff:00:30:0a:7f:39:a0:08:00

It seems that the messages are not dangerous BUT they keep filling up my logs (I get over a thousand such lines every day!!)

Does anyone know how to get rid of them??

Background: Installed OpenSuse 11.1 this weekend on a sever that was previously using Debian. Never had these messages previously. The server is 192.168.19.1 and the gateway is 192.168.19.254 (AZTECH ADSL2+ DSL600E(C) router).

Would appreciate any help to get rid of these annoying and space occupying messages. Much thanks for any insights!

Your network is not configured properly. It means There are two interfaces in the same segment. One of the interfaces can see the packets from the other interfaces. Linux is completely confused now.

These are packets that Linux does not expect from the direction they came
from (i.e. packets from internal hosts coming in on the external interface).
The cause is probably a misconfigured machine on your LAN.
You can turn off logging those packets via
/proc/sys/net/ipv4/conf/interface/log_martians
which is documented in /usr/src/linux/Documentation/proc.txt

IT Resource Center forums - kernel: martian source messages in RHEL4 - This thread has been closed

Hi Pilgervater,

Thanks for the quick feedback. I’ve checked the network and there is only one user with 192.168.19.1 (the server). I did an arp -av and I can’t see any other user with the same ip config (or trying to pretend to be 192.168.19.1). I tried to trace the mac address and confirm there are no cards with that mac address anywhere in the system.

Any other way to try and trace this “martian”??

Again thanks for the feedback.

bunyip:/var/log # arp -av
BookabUser84 (192.168.19.84) at 00:21:97:75:5e:23 [ether] on eth0
BookabUser86 (192.168.19.86) at 00:30:ab:01:ae:a3 [ether] on eth0
AZTECHadsl (192.168.19.254) at 00:30:0a:7f:39:a0 [ether] on eth0
BookabUser82 (192.168.19.82) at 00:0c:29:a2:98:1a [ether] on eth0
BookabUser80 (192.168.19.80) at 00:16:e6:36:7f:c7 [ether] on eth0
BookabUser83 (192.168.19.83) at 00:26:bb:54:09:30 [ether] on eth0
BookabUser87 (192.168.19.87) at 00:21:97:89:e8:f5 [ether] on eth0

Hi jonathan_r,

Thanks for the helpful link - at least I can try to stop the messages now from cluttering my log files!! I woudl still like to trace the “martian” and zap him altogether if possible!!

Thanks for the feedback.