WatchGuard : ICMP Error Handling - 'host-unreachable'

Information

ICMP Error messages can be used as a means to compromise sytems and networks. Appropriate configuration and filtering of these messages should be used to reduce potential threats.

Solution

In the Web UI navigate to the 'System' - > 'Global Settings' - > 'Networking' section. Uncheck the box for 'Host unreachable'.

See Also

https://www.sans.org/security-resources/idfaq/icmp_misuse.php

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7

Plugin: WatchGuard

Control ID: 6f1690c2a5a7d9be648f23e6ea1ba3f5fb3841e6e24d2a29d56cbe1bf1a3534a