Knowledgebase

Portal Home > Knowledgebase > Articles Database > Martian source Attack issue - Advice need

Martian source Attack issue - Advice need

Posted by kebirhost, 12-07-2011, 07:13 AM

Hello, We are taking attack as below. How can we avoid this? We are waiting your advices please. Dec 7 11:10:41 melik kernel: martian source xxx.xxx.xx.xxx from 0.191.129.77, on dev eth0 Dec 7 11:10:41 melik kernel: ll header: 00:0a:e4:8a:a3:86:80:71:1f:e2:73:00:08:00 Dec 7 11:10:46 melik kernel: printk: 204 messages suppressed. Dec 7 11:10:46 melik kernel: martian source xxx.xxx.xx.xxx from 0.138.81.35, on dev eth0 Dec 7 11:10:46 melik kernel: ll header: 00:0a:e4:8a:a3:86:80:71:1f:e2:b6:80:08:00 Dec 7 11:10:51 melik kernel: printk: 221 messages suppressed. Dec 7 11:10:51 melik kernel: martian source xxx.xxx.xx.xxx from 0.74.253.69, on dev eth0 Thanks, Melih

---

Posted by SolidJoe, 12-07-2011, 03:00 PM

If the Martians are attacking, I'm not sure there is much we can do.

---

Posted by T-Junk, 12-07-2011, 10:19 PM

I researched it a bit for you on the internet, and that appears to be logs for "Martian Address Filtering". It appears to be a defense mechanism built in some routers (Dlink, most notably) for DOS attacks. I found three articles you should read: Martian Address Filtering Defining Martian Address Filtering What is a "martian source" in my logs Best of luck with it!!

---

Posted by khunj, 12-08-2011, 12:24 PM

There is nothing to do unless it is a network issue (wrong configuration). Those are packets with bogus IPs, they are blocked and logged. You can turn off logging via sysctl.

---

Add to Favourites    Print this Article

VPS: solusvm - openvz (Views: 684)

Vision Plateau - review (Views: 734)

Can anyone beat site5.com space/bandwith/features? (Views: 752)

Help to find Out of date WordPress and list of wordpress sites ssh (Views: 702)

HostForWeb or Hosteasier (Views: 706)