martians question...probably a silly one...but very confused

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

martians question...probably a silly one...but very confused

Philip Warner
I've seen a lot about martian sources being from a 'wrong' subnet, and
in that context can not see why I am getting lots of martian messages in
my logs:

Sep 21 22:29:49 ares kernel: martian source 203.8.195.10 from
203.8.195.20, on dev eth1
Sep 21 22:29:49 ares kernel: ll header:
ff:ff:ff:ff:ff:ff:00:50:ba:39:10:22:08:06

where eth1 is configured as:

eth1      Link encap:Ethernet  HWaddr 00:50:BA:39:10:22
          inet addr:203.8.195.20  Bcast:203.8.195.255  Mask:255.255.255.0
          inet6 addr: fe80::250:baff:fe39:1022/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          collisions:0 txqueuelen:1000

and the routing has:

203.8.195.0/24 dev eth1  proto kernel  scope link  src 203.8.195.20

Admittedly, I'm no expert, but this looks like it should be OK: the
martian 203.8.195.10 is on eth1's subnet, and the routing tables
recognize where to send such packets...so any explanation or help would
be appreciated.

There are also 2 other ethernet devices,  one to a 10.x.y/24 address
range and the other to part of the same address range:

eth2      Link encap:Ethernet  HWaddr 00:01:80:5C:8B:35
          inet addr:203.8.195.121  Bcast:203.8.195.121  Mask:255.255.255.255

(this interface should really be dropped, it's there for a legacy
network that is now not used)...and when I drop eth2, I still get
martians...so I assume it's not relevant.





--
Check the headers for your unsubscription address
For additional commands, e-mail: [hidden email]
Security-related bug reports go to [hidden email], not here