Detections
Analytics
GEN003603 - The system must not respond to ICMPv4 echoes sent to a broadcast address.
Information
Responding to broadcast Internet Control Message Protocol (ICMP) echoes facilitates network mapping and provides a vector for amplification attacks.Solution
Configure the system to ignore ICMP ECHO_REQUESTs sent to broadcast addresses.# no -po bcastping=0
See Also
https://iasecontent.disa.mil/stigs/zip/U_AIX_6-1_V1R14_STIG.zip
Item Details
Audit Name: DISA STIG AIX 6.1 v1r14
Category: ACCESS CONTROL
References: 800-53|AC-4, CAT|II, CCI|CCI-001551, Group-ID|V-22410, Rule-ID|SV-38797r1_rule, STIG-ID|GEN003603, Vuln-ID|V-22410
Plugin: Unix
Control ID: 2bd86aeaf556a6e6f3229fa9e522cefb6cfc197c3e988a2eec8cc9e989f83d9e