CISC-RT-000170 - The Cisco switch must be configured to have Internet Control Message Protocol (ICMP) unreachable messages disabled on all external interfaces - ip unreachables
ICMP supports IP traffic by relaying information about paths, routes, and network conditions. Switches automatically send ICMP messages under a wide variety of conditions. Host unreachable ICMP messages are commonly used by attackers for network mapping and diagnosis.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Disable ip unreachables on all external interfaces as shown below:

SW1(config)# int e2/7
SW1(config-if)# no ip unreachables
SW1(config-if)# end
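An offline check of a saved configuration for this requirement, as an added example that is not part of the benchmark or of Nessus. It assumes the operator supplies the list of external interfaces and that the saved configuration shows `no ip unreachables` explicitly under each interface; the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the page); addresses are documentation ranges.
SAMPLE_CONFIG = """\
interface Ethernet2/7
  description uplink to ISP
  no switchport
  ip address 192.0.2.1/30
  no ip unreachables
!
interface Ethernet2/8
  description uplink to partner
  no switchport
  ip address 198.51.100.1/30
!
interface Ethernet2/9
  description internal access port
  switchport
"""

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        elif current and line[:1].isspace() and line.strip():
            interfaces[current].append(line.strip())
        elif line.strip():
            current = None  # unindented line: back at global configuration level
    return interfaces

def audit_unreachables(config, external):
    """Return (interface, reason) for each external interface that fails the check."""
    interfaces = parse_interfaces(config)
    findings = []
    for name in external:
        cmds = interfaces.get(name)
        if cmds is None:
            findings.append((name, "interface not found in config"))
        elif "no ip unreachables" not in cmds:
            findings.append((name, "missing 'no ip unreachables'"))
    return findings

if __name__ == "__main__":
    for name, reason in audit_unreachables(SAMPLE_CONFIG, ["Ethernet2/7", "Ethernet2/8"]):
        print(f"OPEN  {name}: {reason}")
```

Interfaces reported as not found usually mean the external-interface list is stale or uses an abbreviated name such as `e2/7` instead of the full name in the saved configuration.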