PowerScale: Health Check Framework Security Evaluation Reports Network Sysctls as Incorrectly Configured

Summary: This article describes a change in the PowerScale Health Check Framework (version 34.1.0) where default networking sysctls may be identified as potentially insecure.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

When running the PowerScale Health Check Framework's security evaluation (sysctl_values) on version 34.1.0. The following sysctls are identified as INFO: 
INFO: sysctl net.inet.tcp.blackhole should be enabled (set to 1 or 2) to disguise ports without valid sockets from port scanners.

INFO: sysctl net.inet.udp.blackhole should be enabled (set to 1) to disguise ports without valid sockets from port scanners.

INFO: sysctl net.inet.icmp.drop_redirect should be enabled (set to 1) to prevent traffic sniffing and some man-in-the-middle attacks.

INFO: sysctl net.inet.ip.redirect should be disabled (set to 0) to prevent traffic sniffing and some man-in-the-middle attacks.
This identifies the default values from these OIDs: 
net.inet.tcp.blackhole

net.inet.udp.blackhole

net.inet.icmp.drop_redirect

net.inet.ip.redirect

Cause

The Health Check Frame was updated before a full evaluation of the values and before any documentation was updated.

Resolution

There is no action required. The INFO messages can be ignored. The INFO flags are planned to be removed from the Health Check Framework.

Any plan to return these checks to the Health Check Framework is unknown until an evaluation is completed. Documentation is planned to be updated after the evaluation.

Affected Products

PowerScale OneFS
Article Properties
Article Number: 000217105
Article Type: Solution
Last Modified: 18 مايو 2026
Version:  4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.