From SOLARIS 10 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE
Part of GEN003611
Associated with: CCI-000126
Martian packets are packets containing addresses known by the system to be invalid. Logging these messages allows the SA to identify misconfigurations or attacks in progress.
If the system is not a global zone, this vulnerability is not applicable. Determine if the system is configured to log martian packets. Examine the IPF rules on the system. Procedure: # ipfstat -i There must be rules logging inbound traffic containing invalid source addresses, which minimally include the system's own addresses and broadcast addresses for attached subnets. If such rules do not exist, this is a finding.
Configure the system to log martian packets using IPF. Add rules logging inbound traffic containing invalid source addresses, which minimally include the system's own addresses and broadcast addresses for attached subnets. For example, consider a system with a single network connection having IP address 192.168.1.10 with a local subnet broadcast address of 192.168.1.255. Packets with source addresses of 192.168.1.10 and 192.168.1.255 must be logged if received by the system from the network connection. Edit /etc/ipf/ipf.conf and add the following rules, substituting local addresses and interface names: block in log quick on ce0 from 192.168.1.10 to any block in log quick on ce0 from 192.168.1.255 to any Reload the IPF rules. Procedure: # ipf -Fa -A -f /etc/ipf/ipf.conf
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer