UCF STIG Viewer Logo

The Photon operating system must log IPv4 packets with impossible addresses.


Overview

Finding ID Version Rule ID IA Controls Severity
V-239180 PHTN-67-000109 SV-239180r816666_rule Medium
Description
The presence of "martian" packets (which have impossible addresses) as well as spoofed packets, source-routed packets, and redirects could be a sign of nefarious network activity. Logging these packets enables this activity to be detected.
STIG Date
VMware vSphere 6.7 Photon OS Security Technical Implementation Guide 2022-06-17

Details

Check Text ( C-42391r675346_chk )
At the command line, execute the following command:

# /sbin/sysctl -a --pattern "net.ipv4.conf.(all|default|eth.*).log_martians"

Expected result:

net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.eth0.log_martians = 1

If the output does not match the expected result, this is a finding.

Note: The number of "ethx" lines returned is dependent on the number of interfaces. Every "ethx" entry must be set to "1".
Fix Text (F-42350r816665_fix)
Open /etc/sysctl.conf with a text editor.

Add or update the following lines:

net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.eth0.log_martians = 1

Run the following command to load the new setting:

# /sbin/sysctl --load