Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-NET-000018-FW-000205 | SRG-NET-000018-FW-000205 | SRG-NET-000018-FW-000205_rule | | Medium |
Description |
---|
The IPv4 loopback address should never be used as the source or destination IP address of an inbound or outbound transmission. Packets with a source or destination IP address in the 127.0.0.0/8 prefix are bogus and may be malicious. The loopback address is used by an Inter-Processor Control (IPC) mechanism that enables the client and server portion of an application running on the same machine to communicate. Any packet with a source or destination IP address of 127.0.0.0/8 must not appear outside of an enclave or be routed. |
STIG | Date |
---|---|
Firewall Security Requirements Guide | 2014-07-07 |
Check Text (C-SRG-NET-000018-FW-000205_chk) |
---|
Review the configuration of the firewall implementation; if the 127.0.0.0/8 prefix is allowed as a source or destination, this is a finding. |
Fix Text (F-SRG-NET-000018-FW-000205_fix) |
---|
Configure the firewall/ACL to block traffic using the 127.0.0.0/8 prefix as a source or destination address. |
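
One way to automate the check above, shown as an added example that is not part of the SRG: it walks an ordered rule list and reports every permit rule that can still match traffic with a 127.0.0.0/8 source or destination. The `(action, src, dst)` rule model, the first-match-wins evaluation, and the sample rule sets are assumptions constructed for illustration, not any vendor's syntax.

```python
import ipaddress

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# Constructed rule sets in a hypothetical (action, src, dst) model; first match wins.
WEAK_RULES = [
    ("permit", "10.0.0.0/8", "any"),
    ("permit", "any", "192.0.2.10/32"),
    ("deny", "any", "any"),
]
FIXED_RULES = [
    ("deny", "127.0.0.0/8", "any"),
    ("deny", "any", "127.0.0.0/8"),
] + WEAK_RULES

def _net(text):
    return ipaddress.ip_network("0.0.0.0/0" if text == "any" else text, strict=False)

def _overlap(a, b):
    """CIDR blocks are nested or disjoint: return the narrower one, or None."""
    if a.subnet_of(b):
        return a
    return b if b.subnet_of(a) else None

def audit_loopback(rules):
    """Return (rule number, field) for each permit that can match 127.0.0.0/8.

    A permit is cleared only when a single earlier deny covers the whole
    exposed block, so the check may over-report but does not miss a permit.
    """
    findings, denies = [], []
    for number, (action, src, dst) in enumerate(rules, start=1):
        s, d = _net(src), _net(dst)
        if action == "deny":  # any other action is treated as a permit
            denies.append((s, d))
            continue
        exposures = (("source", _overlap(s, LOOPBACK), d),
                     ("destination", s, _overlap(d, LOOPBACK)))
        for field, es, ed in exposures:
            if es is None or ed is None:
                continue
            if not any(es.subnet_of(ds) and ed.subnet_of(dd) for ds, dd in denies):
                findings.append((number, field))
    return findings

if __name__ == "__main__":
    print("weak :", audit_loopback(WEAK_RULES))
    print("fixed:", audit_loopback(FIXED_RULES))
```

The weak rule set shows why a broad `any` term is a finding even when no rule names 127.0.0.0/8 explicitly: the loopback prefix is contained in `any` unless an earlier deny removes it.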