[lug] Martians!

Ed Meyer edmeyer at smartsbroadcast.com
Fri Mar 9 09:28:49 MST 2001


In my firewall it said the martians were misdirected packets from either
side - meaning you have the nic cards bound to the wrong network.  Try
switching the cables and see if the martians go away.  However I was getting
martians and I found out I had a client inside the firewall which wasn't
configured for DHCP and therefore had wrong network information and the IP
address it had made the firewall think it was being attacked from the
inside.

Ed Meyer


----- Original Message -----
From: "Anders Knudsen" <andersk at uswest.net>
To: <lug at lug.boulder.co.us>
Sent: Friday, March 09, 2001 8:43 AM
Subject: [lug] Martians!


> I am logging martians with my ipchains filters...can someone
> explain/enlighten me what is "someone" trying to do? Also, with these
> rules, am I saved, or?
> TIA, -anders.
>
> Here is what the log entry looks like.
>
> Mar  8 20:46:23 fulcrum kernel: martian destination 3a433900 from 0264a8c0, dev eth0
>
>
> Following is the snippet from my ipchains script that "blocks?" this.
>
> # Disable IP spoofing attacks.
> #
> # This drops traffic addressed for one network though it is being received on a
> # different interface.
> #
> echo "  - Disabling IP Spoofing attacks."
> for file in /proc/sys/net/ipv4/conf/*/rp_filter
> do
>   echo "2" > $file
> done
>
> # Comment the following out if you are not using a dynamic address
> #
> echo "  - Enabling dynamic TCP/IP address hacking."
> echo "1" > /proc/sys/net/ipv4/ip_dynaddr
>
>
> # Enable TCP SYN Cookie protection:
> #
> echo "  - Enable TCP SYN Cookie protection"
> echo "1" > /proc/sys/net/ipv4/tcp_syncookies
>
> # Ensure that various ICMP sanity settings are there
> #
> echo "  - Enable ICMP sanity settings"
>
> # Enable ICMP broadcast echo protection
> echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
>
> # Enable bad error message protection
> echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
>
> # Disable ICMP Re-directs
> for file in /proc/sys/net/ipv4/conf/*/accept_redirects; do
>    echo "0" > $file
> done
>
> # Ensure that source-routed packets are dropped
> #   - If you are running IPROUTE2, this will need to be DISABLED
> #
> echo "  - Ensure that source-routed packets are dropped "
> for file in /proc/sys/net/ipv4/conf/*/accept_source_route; do
>     echo "0" > $file
> done
>
> # Log spoofed, source-routed, and redirect packets
> #
> echo "  - Log spoofed, source-routed, and redirect packets "
> for file in /proc/sys/net/ipv4/conf/*/log_martians; do
>    echo "1" > $file
> done
>
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
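
An added example, not part of either message: a small decoder for the hex addresses in the martian log line quoted above, so the logged source and destination can be read as dotted quads. It assumes the kernel printed each network-order address with %08x on a little-endian (x86) host; the function names and the reserved-range labels are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: the kernel logged each
# 32-bit network-order address with %08x on a little-endian (x86) host, so
# the hex digit pairs are the dotted-quad octets in reverse order.

# hex_to_ip HEX8: print the dotted-quad form, or return 1 on bad input.
hex_to_ip() {
    h=$1
    [ "${#h}" -eq 8 ] || return 1
    case $h in *[!0-9a-fA-F]*) return 1 ;; esac
    o4=${h%??????}; rest=${h#??}      # first pair = last octet
    o3=${rest%????}; rest=${rest#??}
    o2=${rest%??};   o1=${rest#??}    # final pair = first octet
    printf '%d.%d.%d.%d\n' "$((0x$o1))" "$((0x$o2))" "$((0x$o3))" "$((0x$o4))"
}

# reserved_range IP: name the reserved block a destination falls in, if any.
reserved_range() {
    first=${1%%.*}
    if   [ "$first" -eq 0 ];   then echo "0.0.0.0/8 this-network"
    elif [ "$first" -eq 127 ]; then echo "127.0.0.0/8 loopback"
    elif [ "$first" -ge 240 ]; then echo "240.0.0.0/4 reserved"
    else echo "not reserved"
    fi
}

# decode_martian_line LINE: pull dst, src and dev out of one log line.
decode_martian_line() {
    line=$1
    pat='.*martian destination \([0-9a-fA-F]\{8\}\) from \([0-9a-fA-F]\{8\}\),.*'
    dst=$(printf '%s\n' "$line" | sed -n "s/$pat/\1/p")
    src=$(printf '%s\n' "$line" | sed -n "s/$pat/\2/p")
    dev=$(printf '%s\n' "$line" | sed -n 's/.*, dev \([^ ]*\).*/\1/p')
    [ -n "$dst" ] && [ -n "$src" ] || return 1
    dst_ip=$(hex_to_ip "$dst")
    src_ip=$(hex_to_ip "$src")
    printf 'dst=%s (%s) src=%s dev=%s\n' \
        "$dst_ip" "$(reserved_range "$dst_ip")" "$src_ip" "$dev"
}

# The log line from the message above, decoded when the script is run.
decode_martian_line 'Mar  8 20:46:23 fulcrum kernel: martian destination 3a433900 from 0264a8c0, dev eth0'
```

Under that byte-order assumption the source decodes to a private 192.168.x.x address, which fits a host on the inside network sending to a destination in 0.0.0.0/8.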



