UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The firewall implementation must reject requests for access or services when the source IP address specifies a loopback address.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-999999-FW-000182 SRG-NET-999999-FW-000182 SRG-NET-999999-FW-000182_rule Medium
Description
A loopback address is used by an Inter-Processor Control (IPC) mechanism that enables the client and server portions of an application running on the same machine to communicate, so address is trusted. It should never be used as the source IP address of an inbound or outbound transmission.
STIG Date
Firewall Security Requirements Guide 2012-12-10

Details

Check Text ( C-SRG-NET-999999-FW-000182_chk )
Verify any attempt from the firewall or any network to pass any packets claiming to be from a loopback address is blocked.

If the firewall implementation does not reject packets when the source IP address is a loopback address, this is a finding.
Fix Text (F-SRG-NET-999999-FW-000182_fix)
Establish filters to block any attempt from the firewall or any network to pass any packets claiming to be from a loopback address.