3.2.4 Ensure suspicious packets are logged - 'net.ipv4.conf.all.log_martians = 1 /etc/sysctl.conf /etc/sysctl.d/*'

Information

Enabling this feature and logging these packets allows an administrator to investigate the possibility that an attacker is sending spoofed packets to their system.

Solution

Set the following parameters in the /etc/sysctl.conf file:

net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1

Run the following commands to set the active kernel parameters:

# sysctl -w net.ipv4.conf.all.log_martians=1
# sysctl -w net.ipv4.conf.default.log_martians=1
# sysctl -w net.ipv4.route.flush=1
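The following POSIX shell script is an added example, not the CIS benchmark's or Tenable's own audit logic. It checks both halves of this control: that the running kernel has log_martians enabled (read from /proc/sys) and that the persistent configuration would re-apply it at boot. It assumes the procps "sysctl --system" load order (files under /etc/sysctl.d/*.conf first, then /etc/sysctl.conf, so a later file overrides an earlier one), treats "#" and ";" as comment markers, and only matches keys written with "." separators; the function names and the "audit" argument are choices made for this example.

```shell
#!/bin/sh
# Audit helper for CIS 3.2.4 (added example): verify net.ipv4.conf.all.log_martians
# and net.ipv4.conf.default.log_martians are 1 in the running kernel and in the
# persistent sysctl configuration.

# effective_config_value KEY FILE...
# Prints the value KEY would end up with after sysctl applied the given files in
# the given order: the last assignment wins. Unreadable files are skipped,
# comments ("#" or ";" to end of line) and blank lines are ignored, and
# whitespace around "=" is tolerated. Keys written with "/" separators are not
# matched (a simplification of this example).
effective_config_value() {
    key=$1; shift
    value=""
    escaped_key=$(printf '%s' "$key" | sed 's/\./\\./g')
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(sed -n -e 's/[[:space:]]*[#;].*$//' \
                   -e "s/^[[:space:]]*${escaped_key}[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" \
                   "$f" | tail -n 1)
        if [ -n "$v" ]; then value=$v; fi
    done
    printf '%s\n' "$value"
}

# running_value KEY
# Prints the live kernel value from /proc/sys, or an empty line if unreadable.
running_value() {
    p="/proc/sys/$(printf '%s' "$1" | tr . /)"
    if [ -r "$p" ]; then cat "$p"; else printf '\n'; fi
}

# check_persistent FILE...
# Returns 0 when both log_martians keys resolve to 1 across the given files.
check_persistent() {
    for key in net.ipv4.conf.all.log_martians net.ipv4.conf.default.log_martians; do
        [ "$(effective_config_value "$key" "$@")" = "1" ] || return 1
    done
    return 0
}

# run_audit
# Compares live and configured values for both keys; exits non-zero on any FAIL.
run_audit() {
    rc=0
    for key in net.ipv4.conf.all.log_martians net.ipv4.conf.default.log_martians; do
        live=$(running_value "$key")
        # Assumed load order (procps sysctl --system): sysctl.d files first,
        # /etc/sysctl.conf last, so the latter overrides the former.
        saved=$(effective_config_value "$key" /etc/sysctl.d/*.conf /etc/sysctl.conf)
        if [ "$live" = "1" ] && [ "$saved" = "1" ]; then
            printf 'PASS %s (running=%s, configured=%s)\n' "$key" "$live" "$saved"
        else
            printf 'FAIL %s (running=%s, configured=%s)\n' "$key" "${live:-unset}" "${saved:-unset}"
            rc=1
        fi
    done
    return $rc
}

# Only audit the local host when explicitly asked: sh check_log_martians.sh audit
case "${1:-}" in audit) run_audit ;; esac
```

Run it as "sh check_log_martians.sh audit" as root (or any user that can read /proc/sys and the configuration files). A FAIL with running=1 but configured=unset is the common case where the sysctl -w commands were run but the setting was never written to /etc/sysctl.conf, so it will be lost at the next reboot.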

See Also

https://workbench.cisecurity.org/files/1863

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12c., CSCv6|6

Plugin: Unix

Control ID: d91a52114e3166a556b9d5513cc992b0f5573f71bc4d9b470440dc6f63e66609