The system must log martian packets.


Overview

Finding ID: V-22418
Version: GEN003611
Rule ID: SV-26082r1_rule
IA Controls: ECAT-1
Severity: Low
Description
Martian packets are packets containing addresses known by the system to be invalid. Logging these messages allows the SA to identify misconfigurations or attacks in progress.
STIG: VMware ESX 3 Server
Date: 2016-05-13

Details

Check Text (C-30376r1_chk)
Determine if the system is configured to log martian packets. Consult the vendor documentation to determine if a specific configuration setting is available for this function. If such a setting is available, and is not enabled, this is a finding.

If no specific configuration is available for the system, check the system's local firewall configuration to determine if there are rules to log inbound traffic containing invalid source addresses, which minimally includes the system's own addresses and broadcast addresses for attached subnets. If no such rules exist, this is a finding.
Fix Text (F-27157r1_fix)
Consult vendor documentation to determine if a configuration setting exists to enable the logging of martian packets. If so, enable this function.

If no such function exists, configure the system's local firewall with rules to log inbound traffic containing invalid source addresses, which minimally includes the system's own addresses and broadcast addresses for attached subnets.
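
The firewall fallback in the check and fix text can be verified mechanically. The following is an added example, not part of the STIG: it derives the minimal invalid-source set (own addresses and attached-subnet broadcasts) and reports which of those sources are not logged by a ruleset. It assumes an iptables-save style ruleset, which the STIG text does not name; the function names and sample data are hypothetical. It goes slightly beyond the check text by also flagging a LOG rule that sits behind an earlier verdict for the same source.

```python
import ipaddress
import shlex

def required_sources(iface_cidrs):
    """Own addresses plus directed broadcasts of the attached IPv4 subnets."""
    required = set()
    for cidr in iface_cidrs:
        iface = ipaddress.ip_interface(cidr)
        required.add(iface.ip)
        if iface.version == 4 and iface.network.prefixlen < 31:  # /31, /32: no broadcast
            required.add(iface.network.broadcast_address)
    return required

def parse_rules(ruleset_text, chain="INPUT"):
    """Return (source_net, target, source_only) per rule; negated rules are skipped."""
    rules = []
    for line in ruleset_text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:2] != ["-A", chain] or "-j" not in tok or "!" in tok:
            continue
        j = tok.index("-j")
        src = tok[tok.index("-s") + 1] if "-s" in tok[:j] else "0.0.0.0/0"
        # Extra matches (e.g. -p tcp) narrow a rule, so it is treated as conditional.
        source_only = all(t in ("-s", src) for t in tok[2:j])
        rules.append((ipaddress.ip_network(src, strict=False), tok[j + 1], source_only))
    return rules

def unlogged_sources(iface_cidrs, ruleset_text):
    """Required sources that hit a verdict, or the end of the chain, without a LOG."""
    rules = parse_rules(ruleset_text)
    missing = []
    for addr in sorted(required_sources(iface_cidrs), key=lambda a: (a.version, int(a))):
        for net, target, source_only in rules:
            if source_only and addr in net and target in ("LOG", "ACCEPT", "DROP", "REJECT"):
                if target != "LOG":
                    missing.append(str(addr))  # verdict reached before any LOG rule
                break
        else:
            missing.append(str(addr))  # no unconditional rule matched this source
    return missing

# Constructed sample (documentation address ranges), in iptables-save syntax.
SAMPLE_IFACES = ["192.0.2.10/24", "198.51.100.5/28"]
SAMPLE_RULES = """\
-A INPUT -s 192.0.2.10/32 -j LOG --log-prefix "martian: "
-A INPUT -s 192.0.2.255/32 -j DROP
-A INPUT -s 192.0.2.255/32 -j LOG --log-prefix "martian: "
-A INPUT -s 198.51.100.5/32 -p tcp -j LOG --log-prefix "martian: "
-A INPUT -s 198.51.100.15/32 -j LOG --log-prefix "martian: "
"""
```

On the sample, `unlogged_sources(SAMPLE_IFACES, SAMPLE_RULES)` reports 192.0.2.255 (dropped before its LOG rule) and 198.51.100.5 (logged for TCP only); each reported address corresponds to a finding under the check text.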