Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22418 | GEN003611 | SV-26082r1_rule | ECAT-1 | Low |
Description |
---|
Martian packets are packets containing addresses known by the system to be invalid. Logging these messages allows the SA to identify misconfigurations or attacks in progress. |
STIG | Date |
---|---|
Solaris 9 SPARC Security Technical Implementation Guide | 2014-01-08 |
Check Text ( C-30376r1_chk ) |
---|
Determine if the system is configured to log martian packets. Consult the vendor documentation to determine if a specific configuration setting is available for this function. If such a setting is available, and is not enabled, this is a finding. If no specific configuration is available for the system, check the system's local firewall configuration to determine if there are rules to log inbound traffic containing invalid source addresses, which minimally includes the system's own addresses and broadcast addresses for attached subnets. If no such rules exist, this is a finding. |
Fix Text (F-27157r1_fix) |
---|
Consult vendor documentation to determine if a configuration setting exists to enable the logging of martian packets. If so, enable this function. If no such function exists, configure the system's local firewall with rules to log inbound traffic containing invalid source addresses, which minimally includes the system's own addresses and broadcast addresses for attached subnets. |