The firewall must block outbound IP packets that contain illegitimate packet attributes including, at a minimum, invalid source address or packets that fail minimum length tests (TCP length, UDP length, IP data length) that have undefined protocol numbers, improper use of hop-by-hop header, or IPv6 RH0 header.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-79481 | SRG-NET-000364-FW-000037 | SV-94187r1_rule | Medium |
| Description |
|---|
| If outbound communications traffic is not filtered, hostile activity intended to harm other networks may not be detected and prevented. |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2018-12-24 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (None) |
|---|
| None |