Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-227804 | GEN003611 | SV-227804r603266_rule | Low |
Description |
---|
Martian packets are packets containing addresses known by the system to be invalid. Logging these messages allows the SA to identify misconfigurations or attacks in progress. |
STIG | Date |
---|---|
Solaris 10 X86 Security Technical Implementation Guide | 2022-09-07 |
Check Text ( C-36467r603004_chk ) |
---|
If the system is not a global zone, this vulnerability is not applicable. Determine if the system is configured to log martian packets. Examine the IPF rules on the system. Procedure: # ipfstat -i There must be rules logging inbound traffic containing invalid source addresses, which minimally include the system's own addresses and broadcast addresses for attached subnets. If such rules do not exist, this is a finding. |
Fix Text (F-36431r603005_fix) |
---|
Configure the system to log martian packets using IPF. Add rules logging inbound traffic containing invalid source addresses, which minimally include the system's own addresses and broadcast addresses for attached subnets. For example, consider a system with a single network connection having IP address 192.168.1.10 with a local subnet broadcast address of 192.168.1.255. Packets with source addresses of 192.168.1.10 and 192.168.1.255 must be logged if received by the system from the network connection. Edit /etc/ipf/ipf.conf and add the following rules, substituting local addresses and interface names: block in log quick on ce0 from 192.168.1.10 to any block in log quick on ce0 from 192.168.1.255 to any Reload the IPF rules. Procedure: # ipf -Fa -A -f /etc/ipf/ipf.conf |