What is the usefulness of logging martian packets (e.g., net.ipv4.conf.all.log_martians)?

Most of the time when I search for guidance on hardening a Linux box, the list always includes a section on logging martian packets (IP) without any further explanation.

net.ipv4.conf.all.log_martians = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1

I have done some googling, but it doesn't look like martian packets are a source of attacks or the like. Can anyone shed some light?

Thank you


Solution 1:

A martian packet is a packet with a source address which is obviously wrong - nothing could possibly be routed back to that address.

An example would be if a packet on the public internet was discovered having a source address of 192.168.0.1 - an address belonging to one of the IANA reserved private address spaces. Another example could be a packet having a source address of 192.168.0.1 on a private network only utilizing the 10.0.0.0/8 private address space.

As such a packet is a waste of processing power and bandwidth wherever it appears, blocking it as early on as possible in a network could be considered a beneficial practice.

With regard to attacks, a martian packet says little about what an attack payload would be, beyond it consuming bandwidth and processing resources. However, the source machine would be challenging to trace as the actual source address is not present (making martians an ideal complement to DoS/DDoS, assuming the packet is not discarded early on in the network path).

Misconfiguration or uncustomized default configurations are likely sources of martians.

I have great difficulty motivating why filtering martians would be a bad idea. As for logging, it could be good at least for finding those not entirely uncommon misconfigurations, but it would be something for each organisation to decide. Unnecessary log clutter is also consumptive and a nuisance too.

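To show what log_martians output can be used for, here is an added example (not part of the original question or answer) that summarizes martian log entries per interface and claimed source, so a misconfigured host stands out from log clutter. The log line format and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed kernel log format (not shown on the page):
#   martian source <dst> from <src>, on dev <ifname>
# The first address is the packet's destination, the second its claimed source.
MARTIAN_RE = re.compile(
    r"martian source (?P<dst>\d+\.\d+\.\d+\.\d+) from "
    r"(?P<src>\d+\.\d+\.\d+\.\d+), on dev (?P<dev>\S+)"
)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines, not captured from a real host.
SAMPLE_LOG = """\
Jan 10 03:14:01 gw kernel: IPv4: martian source 203.0.113.10 from 192.168.0.1, on dev eth0
Jan 10 03:14:01 gw kernel: ll header: 00000000: 52 54 00 aa bb cc 52 54 00 dd ee ff 08 00
Jan 10 03:14:07 gw kernel: IPv4: martian source 203.0.113.10 from 192.168.0.1, on dev eth0
Jan 10 03:15:22 gw kernel: IPv4: martian source 10.0.0.5 from 127.0.0.1, on dev eth1
Jan 10 03:16:40 gw sshd[812]: Accepted publickey for admin from 10.0.0.9
""".splitlines()

def classify(addr):
    """Label why a claimed source address cannot be routed back to."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in RFC1918):
        return "rfc1918-private"
    return "other"

def summarize(lines):
    """Count martian events per (interface, claimed source, reason)."""
    counts = Counter()
    for line in lines:
        m = MARTIAN_RE.search(line)
        if m:  # "ll header" dumps and unrelated lines are skipped
            counts[(m["dev"], m["src"], classify(m["src"]))] += 1
    return counts

if __name__ == "__main__":
    for (dev, src, why), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  dev={dev}  claimed-src={src}  ({why})")
```

A source that repeats on one interface usually points at a host or router on that segment with a stale or default address configuration.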