Ugh. Console messages about martians almost always tell you there is
something seriously wrong with your network. Turning them off is like
disconnecting a burglar alarm. In your case, these messages indicate
that an unguarded (?) backdoor to your network is currently open.

This will disable martian logging for interface $IFNAME:
echo "0" >/proc/sys/net/ipv4/conf/$IFNAME/log_martians

AFAIK you can't log martians to a file without seeing them on the
console, unless you want to stop seeing all level 4 kernel messages
(KERN_WARNING). You can probably do this by modifying
/etc/init.d/sysklogd to read

klogd -c 4

instead of whatever is there now (I'm using busybox klogd, which doesn't
support this parameter; please correct if necessary).

<rant> Sorry for being so cranky about this, but wanting to make martian
messages go away without fixing the underlying problem is a Bad Thing.
You have a nice security system with deadbolts on your front door, but
you leave the backdoor unlocked. Those martian messages at least let you
know when the back door is open and remind you to install a lock on the
damn thing. </rant>

-Richard

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Doug Hite
> Sent: Friday, March 08, 2002 11:21 AM
> To: [EMAIL PROTECTED]
> Subject: [Leaf-user] Re : martians on internal network ???
>
>
> We see martians from users on our private network that are using
> dial up internet accounts on W2k computers, external of the
> "normal" way of getting to the internet (through our LEAF router).
> Does anyone have a fix either on the W2k side or on the router
> to stop the console logging of these ?  (without turning off
> martian logging completely)
>
> Doug
>
> ==============================================
> >We are seeing martians on internal networks on a regular basis.
> >Usually, it is traceable to users logging into AOL over our high speed
> >internet connections:
> >
> >     172.128.0.0 - 172.191.255.255
> >
> >Today, we saw one from United Airlines:
> >     205.174.16.0 - 205.174.23.255
> >
> >[1] How does this happen?
> >[2] Why does this happen?
> >[3] Is this exploitable?
>
>
>
> _______________________________________________
> Leaf-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
>
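
Added example, not part of the original thread: rather than silencing the messages, the martian reports can be summarised to find which internal machines are sending them. The kernel logs each martian as a "martian source <dst> from <src>, on dev <if>" line followed by an "ll header:" line; on Ethernet, bytes 7-12 of that header are the sender's MAC address. The function names, hostname, MAC addresses and log lines below are constructed for illustration.

```shell
#!/bin/sh
# Summarise kernel "martian source" reports read from stdin.
# Output: "<count> <interface> <claimed source IP> <sender MAC>", busiest first.
martian_summary() {
    awk '
    /martian source/ {
        # A previous report with no "ll header:" line (non-Ethernet device)
        if (pending) count[dev " " src " unknown"]++
        for (i = 1; i <= NF; i++) {
            if ($i == "source") dst = $(i + 1)      # address the packet was sent to
            if ($i == "from") { src = $(i + 1); sub(/,$/, "", src) }
            if ($i == "dev")    dev = $(i + 1)      # interface it arrived on
        }
        pending = 1
        next
    }
    pending && /ll header:/ {
        # Ethernet header: 6 bytes dst MAC, 6 bytes src MAC, 2 bytes ethertype
        n = split($NF, b, ":")
        if (n >= 12)
            mac = b[7] ":" b[8] ":" b[9] ":" b[10] ":" b[11] ":" b[12]
        else
            mac = "unknown"
        count[dev " " src " " mac]++
        pending = 0
    }
    END {
        if (pending) count[dev " " src " unknown"]++
        for (k in count) print count[k], k
    }
    ' | sort -k1,1nr -k2
}

# Constructed sample: source addresses fall in the 172.128.0.0 - 172.191.255.255
# range quoted in the thread; everything else is made up.
sample_log() {
    cat <<'EOF'
Mar  8 11:02:13 fw kernel: martian source 192.168.1.254 from 172.130.5.9, on dev eth1
Mar  8 11:02:13 fw kernel: ll header: 00:a0:c9:00:00:01:00:50:04:aa:bb:01:08:00
Mar  8 11:02:19 fw kernel: martian source 192.168.1.254 from 172.130.5.9, on dev eth1
Mar  8 11:02:19 fw kernel: ll header: 00:a0:c9:00:00:01:00:50:04:aa:bb:01:08:00
Mar  8 11:07:40 fw kernel: martian source 192.168.1.255 from 172.150.77.3, on dev eth1
Mar  8 11:07:40 fw kernel: ll header: ff:ff:ff:ff:ff:ff:00:50:04:aa:bb:02:08:00
EOF
}

sample_log | martian_summary
```

Each output line ties a martian source address to the MAC of the internal machine that sent it, which is the machine whose second Internet connection needs attention.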

