This article covers how to block and log suspicious martian packets on Linux servers.
Log Suspicious Martian Packets in Linux:
On the public Internet, a martian packet's source address is either spoofed, so the packet cannot have originated where it claims, or the packet cannot be delivered.
For both IPv4 and IPv6, martian packets have a source or destination address within the special-use ranges defined in RFC 6890.
Benefits of logging martian packets:
As I said earlier, a martian packet is a packet with a source address that cannot be routed over the public Internet.
Such a packet is a waste of resources on your server.
Martian and unroutable packets are often used for a dangerous purpose or to DoS/DDoS your server.
So you must drop bad martian packets early and log them on your server for further inspection.
How do I log martian packets on Linux?
You need to use the sysctl command to view or set the Linux kernel variables that log packets with un-routable source addresses to the kernel log file, such as /var/log/messages.
To log suspicious martian packets on Linux:
You need to set the following variables to 1 in the /etc/sysctl.conf file:
Edit the file /etc/sysctl.conf; enter:
# vi /etc/sysctl.conf
Append/edit as follows:
Save and close the file.
To load changes, type:
# sysctl -p
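The listing that should follow "Append/edit as follows:" is missing from this page. The script below is an added example, not the article's own code: it assumes the settings meant are the kernel's standard net.ipv4.conf.all.log_martians and net.ipv4.conf.default.log_martians keys, and it also summarises the resulting kernel log lines per sender and interface. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumption: the settings meant are the kernel's standard log_martians keys.

# Print the lines to append to /etc/sysctl.conf (load them with: sysctl -p).
martian_sysctl_lines() {
    cat <<'EOF'
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1
EOF
}

# Summarise "martian source" kernel log lines read from stdin.
# Kernel message: "martian source <destination> from <sender>, on dev <ifname>"
# Output: "<count> <sender> <ifname>", most frequent first.
summarize_martians() {
    awk '/martian source/ {
        src = ""; dev = ""
        for (i = 1; i < NF; i++) {
            if ($i == "from") { src = $(i + 1); sub(/,$/, "", src) }
            if ($i == "dev")  { dev = $(i + 1) }
        }
        if (src != "" && dev != "") count[src " " dev]++
    }
    END { for (k in count) print count[k], k }' | sort -k1,1nr -k2,2
}

# Constructed sample kernel log lines (not real traffic).
sample_log() {
    cat <<'EOF'
Jan 10 12:00:01 host kernel: IPv4: martian source 203.0.113.5 from 127.0.0.1, on dev eth0
Jan 10 12:00:01 host kernel: ll header: 00000000: ff ff ff ff ff ff 00 11 22 33 44 55 08 00
Jan 10 12:00:07 host kernel: IPv4: martian source 203.0.113.5 from 127.0.0.1, on dev eth0
Jan 10 12:00:09 host kernel: IPv4: martian source 203.0.113.5 from 240.0.0.9, on dev eth1
EOF
}

# Summarise the constructed sample.
sample_log | summarize_martians
```

On a live host, pipe the kernel log (for example /var/log/messages, as mentioned above) into summarize_martians instead of the sample.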