Detections
Analytics
GEN003603 - The system must not respond to ICMPv4 echoes sent to a broadcast address.
Information
Responding to broadcast Internet Control Message Protocol (ICMP) echoes facilitates network mapping and provides a vector for amplification attacks.Solution
Configure the system to ignore ICMP ECHO_REQUESTs sent to broadcast addresses.# no -po bcastping=0
See Also
http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip
Item Details
Audit Name: DISA AIX 5.3 STIG v1r2
Category: SYSTEM AND COMMUNICATIONS PROTECTION
References: 800-53|SC-7(12), CAT|II, CCI|CCI-001551, Rule-ID|SV-38797r1_rule, STIG-ID|GEN003603, Vuln-ID|V-22410
Plugin: Unix
Control ID: 9c146e55995881ab406237162e7c4c0650ecce9cf945c421bee543785c33eee7