GEN003611 - The system must log martian packets.

Information

Martian packets are packets containing addresses known by the system to be invalid. Logging these messages allows the SA to identify misconfigurations or attacks in progress.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure the system to log martian packets.

Add rules to log inbound traffic containing invalid source addresses, which minimally include the system's own addresses and broadcast addresses for attached subnets.

For example, consider a system with a single network connection having IP address 192.168.1.10 with a local subnet broadcast address of 192.168.1.255.
Packets with source addresses of 192.168.1.10 and 192.168.1.255 must be logged if received by the system from the network connection.
Use the smit utility or genfilt command to add logging of martian packets (packets with a source address of 192.168.1.10 and 192.168.1.255).

# smitty ipsec4

OR

# genfilt -v4 -a P -s 192.168.1.10 -m 0.0.0.0 -d 0.0.0.0 -M -0.0.0.0 -c all -o any -O any -p 0 -P 0 -w I -l y -i en0
# genfilt -v4 -a P -s 192.168.1.255 -m 0.0.0.0 -d 0.0.0.0 -M -0.0.0.0 -c all -o any -O any -p 0 -P 0 -w I -l y -i en0

See Also

https://iasecontent.disa.mil/stigs/zip/U_AIX_6-1_V1R14_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-2d., CAT|III, CCI|CCI-000126, Group-ID|V-22418, Rule-ID|SV-38868r1_rule, STIG-ID|GEN003611, Vuln-ID|V-22418

Plugin: Unix

Control ID: 10a6f06b19df91c16b0a519bcb616a607794bd7d59417e3dce2549481060cdf2