
Security Analytics messages file shows a lot of packets labeled "martian source"


Article ID: 175384


Updated On:


Security Analytics


When you look at /var/log/messages you see a lot of lines like these:

2019-07-01T11:01:06+03:00 SAhost kernel: : [4057421.645676] IPv4: martian source from, on dev bond0




A Martian packet is one that contains a source or destination address that is reserved for special use by the IANA.

Seeing these packets in Security Analytics does not necessarily point to a security issue.

These packets can be generated by some network tool or by a misconfigured network device; they may, however, be used in DoS attacks.



If you want to suppress the logging of these messages, you can do so as follows.

The messages in question are controlled by settings in /etc/sysctl.conf:

# grep martian /etc/sysctl.conf

Setting both of these settings to zero will suppress the messages. This may be useful if you know the martian packets to be benign but do not want the messages file to be flooded with information about them.
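Before suppressing the messages, it helps to confirm which sources and interfaces produce them. The script below is an added example, not part of the original article or of Security Analytics: it counts martian log lines per source address and interface, then shows the current logging switches. It assumes the standard kernel line layout ("martian source <dst> from <src>, on dev <iface>") and that the two settings are net.ipv4.conf.all.log_martians and net.ipv4.conf.default.log_martians, since the article does not show the grep output; the sample lines are constructed.

```shell
#!/bin/sh
# Added example: review martian-source log lines before silencing them.

# Read log lines on stdin; print "<count> <source> <interface>", busiest first.
# Assumed kernel layout: "martian source <dst> from <src>, on dev <iface>".
martian_summary() {
    sed -n 's/.*martian source \([0-9.]*\) from \([0-9.]*\), on dev \([^ ]*\).*/\2 \3/p' |
        sort | uniq -c | sort -k1,1nr -k2 | awk '{print $1, $2, $3}'
}

# Print the current value of the two logging switches (assumed key names).
show_log_martians() {
    for scope in all default; do
        f="/proc/sys/net/ipv4/conf/$scope/log_martians"
        [ -r "$f" ] && echo "net.ipv4.conf.$scope.log_martians = $(cat "$f")"
    done
    return 0
}

# Constructed sample lines (addresses are illustrative, not from a real host).
SAMPLE='2019-07-01T11:01:06+03:00 SAhost kernel: : [4057421.645676] IPv4: martian source 192.0.2.10 from 127.0.0.1, on dev bond0
2019-07-01T11:01:07+03:00 SAhost kernel: : [4057422.101200] IPv4: martian source 192.0.2.10 from 127.0.0.1, on dev bond0
2019-07-01T11:01:09+03:00 SAhost kernel: : [4057424.330018] IPv4: martian source 192.0.2.11 from 240.0.0.1, on dev eth1
2019-07-01T11:01:10+03:00 SAhost sshd[1234]: unrelated line that must be ignored'

# On a live system, feed the real file instead:
#   martian_summary < /var/log/messages
printf '%s\n' "$SAMPLE" | martian_summary
show_log_martians

# If the sources turn out to be benign, the article's suppression step would be
# (assumed key names, run as root; also set them in /etc/sysctl.conf to persist):
#   sysctl -w net.ipv4.conf.all.log_martians=0
#   sysctl -w net.ipv4.conf.default.log_martians=0
```

A single source on one interface usually points to one misconfigured device or tool; many varied sources deserve a closer look before logging is turned off.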