3.3.4 Ensure suspicious packets are logged

Information

When enabled, this feature logs packets with un-routable source addresses to the kernel log.

Enabling this feature and logging these packets allows an administrator to investigate the possibility that an attacker is sending spoofed packets to their system.

Solution

Set the following parameters in /etc/sysctl.conf or a /etc/sysctl.d/* file:

net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1

Run the following commands to set the active kernel parameters:

# sysctl -w net.ipv4.conf.all.log_martians=1
# sysctl -w net.ipv4.conf.default.log_martians=1
# sysctl -w net.ipv4.route.flush=1

See Also

https://workbench.cisecurity.org/files/3682