Check: GEN003611
VMware ESX 3 Server: GEN003611 (in version v1 r2)
Title
The system must log martian packets. (Cat III impact)
Discussion
Martian packets are packets whose addresses the system knows to be invalid for the interface on which they arrived. Logging them allows the system administrator (SA) to identify misconfigurations or attacks in progress.
Check Content
Determine if the system is configured to log martian packets. Consult the vendor documentation to determine if a specific configuration setting is available for this function. If such a setting is available, and is not enabled, this is a finding. If no specific configuration is available for the system, check the system's local firewall configuration to determine if there are rules to log inbound traffic containing invalid source addresses, which minimally includes the system's own addresses and broadcast addresses for attached subnets. If no such rules exist, this is a finding.
Fix Text
Consult vendor documentation to determine if a configuration setting exists to enable the logging of martian packets. If so, enable this function. If no such function exists, configure the system's local firewall with rules to log inbound traffic containing invalid source addresses, which minimally includes the system's own addresses and broadcast addresses for attached subnets.
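The following POSIX shell script is an added example that is not part of this STIG or of VMware's documentation. It applies the check's decision order to evidence captured from the host: if a martian-logging setting exists it must be enabled, otherwise the local firewall must log inbound traffic from the invalid source addresses the check names. It assumes a Linux-based service console where that setting is the net.ipv4.conf.*.log_martians sysctl (read from `sysctl -a` output) and the local firewall is iptables (read from `iptables-save` output); the STIG itself only says to consult vendor documentation, so both are assumptions. The sample sysctl and firewall text is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example, not part of the STIG. Evaluates GEN003611 the way the check
# text describes it, against text captured from the host:
#   1. if a vendor/OS setting for martian logging exists, it must be enabled;
#   2. otherwise the local firewall must log inbound traffic from invalid
#      source addresses (at least the host's own and subnet broadcast addresses).
# Assumptions (not stated by the STIG): a Linux-based service console where
# the setting is the net.ipv4.conf.*.log_martians sysctl and the firewall is
# iptables, read from "sysctl -a" and "iptables-save" output respectively.

# martians_logged SYSCTL_TEXT
#   0 = setting present and enabled on every interface, 1 = present but at
#   least one interface has it disabled, 2 = setting not present at all.
martians_logged() {
    found=$(printf '%s\n' "$1" | grep 'log_martians' || true)
    [ -n "$found" ] || return 2
    printf '%s\n' "$found" | grep -qvE '= *1[[:space:]]*$' && return 1
    return 0
}

# firewall_logs_sources IPTABLES_SAVE_TEXT ADDR...
#   0 if, for every ADDR, some INPUT rule matches "-s ADDR" and jumps to LOG.
firewall_logs_sources() {
    fw=$1; shift
    [ $# -gt 0 ] || return 1
    for addr in "$@"; do
        printf '%s\n' "$fw" | grep -E '^-A INPUT ' \
            | grep -F -- "-s $addr" | grep -qE -- '-j LOG( |$)' || return 1
    done
    return 0
}

# gen003611_status SYSCTL_TEXT IPTABLES_SAVE_TEXT ADDR...
#   Prints "pass" or "finding" following the STIG's decision order.
gen003611_status() {
    sysctl_text=$1; fw_text=$2; shift 2
    rc=0; martians_logged "$sysctl_text" || rc=$?
    case $rc in
        0) echo pass; return 0 ;;
        1) echo finding; return 1 ;;   # setting exists but is disabled
    esac
    # No OS setting found: fall back to the firewall rules.
    if firewall_logs_sources "$fw_text" "$@"; then
        echo pass; return 0
    fi
    echo finding
    return 1
}

# Constructed sample evidence (not from any real host).
SAMPLE_SYSCTL_ON='net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.eth0.log_martians = 1'
SAMPLE_SYSCTL_OFF='net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 1'
SAMPLE_FW='*filter
:INPUT DROP [0:0]
-A INPUT -s 10.0.0.5/32 -j LOG --log-prefix "MARTIAN-SRC "
-A INPUT -s 10.0.0.5/32 -j DROP
-A INPUT -s 10.0.0.255/32 -j LOG --log-prefix "MARTIAN-SRC "
-A INPUT -s 10.0.0.255/32 -j DROP
COMMIT'

# Demonstration on the constructed samples. On a real console you would run:
#   gen003611_status "$(sysctl -a 2>/dev/null)" "$(iptables-save)" HOST/32 BCAST/32
printf 'sysctl enabled:             %s\n' "$(gen003611_status "$SAMPLE_SYSCTL_ON" "")"
printf 'sysctl present but off:     %s\n' "$(gen003611_status "$SAMPLE_SYSCTL_OFF" "$SAMPLE_FW" 10.0.0.5/32)"
printf 'no sysctl, firewall logs:   %s\n' "$(gen003611_status "" "$SAMPLE_FW" 10.0.0.5/32 10.0.0.255/32)"
printf 'no sysctl, address missing: %s\n' "$(gen003611_status "" "$SAMPLE_FW" 10.0.0.5/32 192.0.2.255/32)"
```

The second sample deliberately reports a finding without consulting the firewall: the check says that when a specific setting is available and not enabled, that alone is a finding, so the firewall fallback applies only when no such setting exists.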
Additional Identifiers
Rule ID: SV-26082r1_rule
Vulnerability ID: V-22418
Group Title: GEN003611
Expert Comments
CCIs
Number | Definition
---|---
CCI-000126 | The organization determines that the organization-defined subset of the auditable events defined in AU-2 are to be audited within the information system.
Controls
Number | Title
---|---
AU-2 | Audit Events