The firewall implementation must reject requests for access or services when the source address received by the firewall specifies a loopback address.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-999999-FW-000174 | SRG-NET-999999-FW-000174 | SRG-NET-999999-FW-000174_rule | Medium |
| Description |
|---|
| A loopback address is used by an Inter-Processor Control (IPC) mechanism that enables the client and server portions of an application running on the same machine to communicate, so the address is trusted. It should never be used as the source IP address of an inbound or outbound transmission. |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2012-12-10 |
Details
| Check Text ( C-SRG-NET-999999-FW-000174_chk ) |
|---|
| Verify any attempt from the firewall or any network to pass any packets claiming to be from a loopback address is blocked. If the firewall implementation does not reject requests for access or services when the source address specifies a loopback address, this is a finding. |
| Fix Text (F-SRG-NET-999999-FW-000174_fix) |
|---|
| Establish filters to block any attempt from the firewall or any network to pass any packets claiming to be from a loopback address. |