[plug] Martian source
James Devenish
devenish at guild.uwa.edu.au
Sun Nov 9 12:23:27 WST 2003
In message <sfadb121.060 at mmtnetworks.com.au>
on Sun, Nov 09, 2003 at 03:14:33AM +0800, Jon Miller wrote:
> Lately I've seen martian source enty in the /var/log/messages. I
> understand that they have to do with the kernel thinking they are
> spoofed or incorrect.
Yep.
> Is there a way to stop them
Fix the offending equipment :-) If you are getting these messages on a
local area network, then something is probably broken. (Note: others on
this list have mentioned that Telstra cable will cause a lot of these
errors. "Martian source" is basically a frequently asked question on
this list.)
> (I've changed the value in /etc/sysctl.conf to 0 for the rp_filter
> line) but the message is still there.
If rp_filter is the right thing to change, then you are on the right
track. However, editing /etc/sysctl.conf will only influence the system
settings upon reboot. To have changes take effect immediately, use the
`sysctl` command. For example:
sysctl -p
This will read in your modifications from /etc/sysctl.conf
> We are getting these from within the VPN and the source ip address is
> not what it should be. That is it's not from the VPN but from
> obviously spoofed ip addresses. Does anyone know of a way to 1) kill
> these off or do I need to do something else.
People would need more info to diagnose this problem for you. Might even
require someone having technical familiarity with your network.
_______________________________________________
plug mailing list
plug at plug.linux.org.au
http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug
More information about the plug
mailing list