As a security best practice, verify that your VMware virtual appliance host machines log IPv4 Martian packets.

About this task

Martian packets contain addresses that the system knows to be invalid. Configure your host machines to log these messages so that you can identify misconfigurations or attacks in progress.

Procedure

  1. Run the following command on the VMware appliance host machines to verify that they log IPv4 Martian packets.

    # grep [01] /proc/sys/net/ipv4/conf/*/log_martians | egrep "default|all"

    If the virtual machines are configured to log Martian packets, they return the following:

    /proc/sys/net/ipv4/conf/all/log_martians:1
    /proc/sys/net/ipv4/conf/default/log_martians:1

    If the host machines are configured correctly, no further action is necessary.

  2. If you need to configure virtual machines to log IPv4 martian packets, open the /etc/sysctl.conf file in a text editor.
  3. Check the values of the lines that start with net.ipv4.conf.

    If the values of the following entries are not set to 1, or if the entries do not exist, add them to the file or update the existing entries accordingly.

    net.ipv4.conf.all.log_martians=1
    net.ipv4.conf.default.log_martians=1
  4. Save your changes and close the file.
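
The procedure checks the running kernel (step 1) and the persistent file (steps 2 to 4) separately. The following script is an added example, not part of the vendor procedure, that checks both for the "all" and "default" scopes and reports any mismatch. The function names and the AUDIT_LIVE variable are assumptions made for this example, and only /etc/sysctl.conf is read, as in the procedure.

```shell
#!/bin/sh
# Added example: audit log_martians at runtime and in a sysctl.conf-style file.

# Print the running value for one scope ("all" or "default"); empty if unreadable.
# $1 = conf root (normally /proc/sys/net/ipv4/conf), $2 = scope
runtime_value() {
    if [ -r "$1/$2/log_martians" ]; then
        cat "$1/$2/log_martians"
    fi
}

# Print the value the file assigns to net.ipv4.conf.<scope>.log_martians.
# Comment lines (# or ;) are skipped and the last assignment wins; empty if absent.
# $1 = file (normally /etc/sysctl.conf), $2 = scope
persisted_value() {
    [ -r "$1" ] || return 0
    awk -F= -v key="net.ipv4.conf.$2.log_martians" '
        /^[ \t]*[#;]/ { next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
          if (k == key) last = v }
        END { if (last != "") print last }' "$1"
}

# Report each scope; return 0 only if runtime and persisted values are both 1.
# $1 = conf root, $2 = sysctl.conf path
audit_martians() {
    rc=0
    for scope in all default; do
        run=$(runtime_value "$1" "$scope")
        per=$(persisted_value "$2" "$scope")
        if [ "$run" = 1 ] && [ "$per" = 1 ]; then
            echo "OK   $scope: runtime=1 persisted=1"
        else
            echo "FAIL $scope: runtime=${run:-unreadable} persisted=${per:-missing}"
            rc=1
        fi
    done
    return $rc
}

# Check the live host only when asked: AUDIT_LIVE=1 sh audit.sh
if [ "${AUDIT_LIVE:-0}" = 1 ]; then
    audit_martians /proc/sys/net/ipv4/conf /etc/sysctl.conf
fi
```

A FAIL line showing persisted=1 with runtime=0 means the file was edited but the running kernel has not yet loaded the setting; runtime=1 with persisted=missing means the setting will not survive a reboot.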