Re: kernel: martian messages

On Fri, Oct 31, 2008 at 6:59 AM, Seann Clark
<nombrandue@xxxxxxxxxxxxxxx> wrote:
..... I see this a lot on my firewall, but that is because
both my ISP and myself use a 10.x.x.x private IP range that overlaps. They
use it for the management of the cable modems, and I use it for more
traditional uses....

What you describe is more or less what occurs with my network setup.

In terms of a broadcast range, since most proper broadcasts on more up to
date TCP stacks use x.x.x.255 as the broadcast, not a full 'every network
possible' broadcast (255.255.255.255) it will fire off an alert that
something it trying a mass broadcast that it doesn't expect (since that
broadcast range will not match its known route table). This broadcast IP can
be seen a lot on DHCP type setups, or other discovery items on a computer.
You can also see occasional 224-236.x.x.x ranges fire off the same messages
on the box, for multicast messages.

The machine I was asking about uses two NICs. One for the outside world and
the other for talking to a switch where DHCP is enabled for a bunch of systems.

Given your insight then is it alright to conclude that the
"martian source" messages can be ignored and are harmless? The messages
do not fill the log files and some days are much less than others.

Your explanation was pretty good. Thanks.
~af

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines