3.2.4 Ensure suspicious packets are logged - 'sysctl net.ipv4.conf.default.log_martians'

Information

When enabled, this feature logs packets with un-routable source addresses to the kernel log. Enabling this feature and logging these packets allows an administrator to investigate the possibility that an attacker is sending spoofed packets to their system.

Solution

Set the following parameters in the /etc/sysctl.conf file: net.ipv4.conf.default.log_martians = 1net.ipv4.conf.default.log_martians = 1 Run the following commands to set the active kernel parameters: # sysctl -w net.ipv4.conf.default.log_martians=1# sysctl -w net.ipv4.conf.default.log_martians=1# sysctl -w net.ipv4.route.flush=1

See Also

https://workbench.cisecurity.org/files/1866

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12c., CSCv6|6

Plugin: Unix

Control ID: 258da37553c6e7386c4f6a5483d2698270c707152e115eb2dfdf1ef1f4b82dbf