3.2.4 Ensure suspicious packets are logged (Scored)

Level 1 - Server
Level 1 - Workstation

Description

When enabled, this feature logs packets with un-routable source addresses to the kernel log.

Enabling this feature and logging these packets allows an administrator to investigate the possibility that an attacker is sending spoofed packets to their system.

Run the following command and verify output matches:

# sysctl net.ipv4.conf.all.log_martians 
net.ipv4.conf.all.log_martians = 1 
# sysctl net.ipv4.conf.default.log_martians 
net.ipv4.conf.default.log_martians = 1

Set the following parameter in the /etc/sysctl.conf file:

net.ipv4.conf.all.log_martians = 1 
net.ipv4.conf.default.log_martians = 1

Run the following commands to set the active kernel parameters:

# sysctl -w net.ipv4.conf.all.log_martians=1 
# sysctl -w net.ipv4.conf.default.log_martians=1 
# sysctl -w net.ipv4.route.flush=1

3.2.4 Ensure suspicious packets are logged (Scored)

Profile Applicability

Description

Rationale

Audit

Remediation

SecScan