Free DISA STIG and SRG Library | Vaulted

V-22410

The system must not respond to ICMPv4 echoes sent to a broadcast address.

Finding ID: GEN003603
Rule ID: SV-38797r1_rule
Severity: Cat II
CCE: (None)
Group Title: GEN003603
CCI: CCI-001551
Target Key: (None)
Documentable: No

Discussion

Responding to broadcast Internet Control Message Protocol (ICMP) echoes facilitates network mapping and provides a vector for amplification attacks.

Fix Text

Configure the system to ignore ICMP ECHO_REQUESTs sent to broadcast addresses.

# no -po bcastping=0

Check Content

# /usr/sbin/no -o bcastping

If the value returned is not 0, this is a finding.

Responsibility

System Administrator

IA Controls

ECSC-1