Information
When enabled, this feature logs packets with un-routable source addresses to the kernel log.
Setting net.ipv4.conf.all.log_martians and net.ipv4.conf.default.log_martians to 1` enables this feature. Logging these packets allows an administrator to investigate the possibility that an attacker is sending spoofed packets to their system.
Solution
Set the following parameters in /etc/sysctl.conf or a file in /etc/sysctl.d/ ending inconf :
- net.ipv4.conf.all.log_martians = 1
- net.ipv4.conf.default.log_martians = 1
Example:
# printf '%s
' "net.ipv4.conf.all.log_martians = 1" "net.ipv4.conf.default.log_martians = 1" >> /etc/sysctl.d/60-netipv4_sysctl.conf
Run the following command to set the active kernel parameters:
# {
sysctl -w net.ipv4.conf.all.log_martians=1
sysctl -w net.ipv4.conf.default.log_martians=1
sysctl -w net.ipv4.route.flush=1
}
Note: If these settings appear in a canonically later file, or later in the same file, these settings will be overwritten