
The system must ignore IPv4 ICMP redirect messages.


Overview

Finding ID: V-22416
Version: GEN003609
Rule ID: SV-29719r1_rule
IA Controls: ECSC-1
Severity: Medium
Description
ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. A host that honors them modifies its route table on receipt, and the messages carry no authentication, so any sender on the local network can forge one. A forged ICMP redirect can steer a host's traffic for a destination through an attacker-controlled gateway, resulting in a man-in-the-middle attack.
STIG: HP-UX 11.23 Security Technical Implementation Guide
Date: 2015-12-02

Details

Check Text (C-36510r1_chk)
Determine if the system is configured to block inbound IPv4 ICMP redirect messages (ICMP type 5) by listing the active inbound IPFilter rules:
# ipfstat -i

Examine the list for a rule such as:
block in quick proto icmp from any to any icmp-type redir

IPFilter evaluates the inbound rules top to bottom and the last matching rule wins, unless a matching rule carries "quick", which stops evaluation at that rule. A block rule that sits below a "pass in quick" rule matching ICMP from any source is therefore never reached, and a block rule without "quick" is overridden by any later pass rule that matches the same traffic.

If the listed rules do not block inbound IPv4 ICMP redirect messages, this is a finding.
Fix Text (F-31870r1_fix)
Edit /etc/opt/ipf/ipf.conf and add a rule to block incoming IPv4 ICMP redirect messages, such as:
block in quick proto icmp from any to any icmp-type redir

Place the rule above any "pass in quick" rule that would otherwise match ICMP traffic from any source; otherwise the block is never reached.

Reload the IPF rules. The -Fa option flushes all current rules (inbound and outbound) from the ruleset, the -A option selects the active rules list, and the -f option specifies the rules configuration file to load:

# ipf -Fa -A -f /etc/opt/ipf/ipf.conf

Because -Fa discards every loaded rule, confirm that /etc/opt/ipf/ipf.conf contains the complete intended ruleset before reloading, then re-run "ipfstat -i" to verify that the redirect block is present and effective.
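The check above only asks whether a matching block rule appears in the listing. The following script, added here as an illustration and not part of the STIG or of HP-UX IPFilter, audits a captured "ipfstat -i" listing by simulating how IPFilter would treat an inbound IPv4 ICMP redirect from an arbitrary source: rules are walked top to bottom, the last match wins, and a matching "quick" rule stops the walk. It goes slightly beyond the STIG text by also catching the two ordering mistakes that leave the required rule present but ineffective (an earlier "quick" pass for ICMP, or a non-quick block followed by a pass). The function name and the four sample rulesets are constructed for this example; only any/any rules are considered, since a narrower rule does not protect against redirects from an arbitrary sender.

```shell
#!/bin/sh
# Added example (not part of the STIG text or of IPFilter): audit an
# "ipfstat -i" listing for GEN003609 by simulating IPFilter's treatment of
# an inbound IPv4 ICMP redirect (icmp-type "redir", numeric type 5).
# Assumptions: one rule per line in the normalized form ipfstat prints,
# optionally prefixed with "@N" as printed by "ipfstat -n".

# ipf_blocks_icmp_redirect RULESET_TEXT
# Exit 0 if the inbound rules would block an ICMP redirect arriving from any
# source, exit 1 otherwise (IPFilter passes traffic that matches no rule).
ipf_blocks_icmp_redirect() {
    printf '%s\n' "$1" | awk '
        { sub(/^[ \t]*@[0-9]+[ \t]+/, ""); $0 = $0 " " }  # drop "@N", pad for matching
        /^[ \t]*#/ || /^[ \t]*$/ { next }                  # skip comments and blank lines
        # A rule matches our redirect if it is an inbound pass/block for any/any
        # traffic, either for all protocols or for ICMP, and either for all ICMP
        # types or specifically for redirects (redir or 5).
        ($1 == "pass" || $1 == "block") && $2 == "in" &&
        $0 ~ / from any to any/ &&
        ($0 !~ / proto / || $0 ~ / proto icmp /) &&
        ($0 !~ / icmp-type / || $0 ~ / icmp-type (redir|5) /) {
            if (stopped) next                  # an earlier quick rule already decided
            decision = $1                      # last matching rule wins ...
            if ($0 ~ / quick /) stopped = 1    # ... unless it is quick, which ends the walk
        }
        END { exit (decision == "block") ? 0 : 1 }
    '
}

# Constructed sample rulesets (not captured from a real host).

# Required rule present and reachable: compliant.
COMPLIANT='block in quick proto icmp from any to any icmp-type redir
pass in quick proto tcp from any to any port = 22 flags S keep state'

# Block rule present, but an earlier quick pass for all ICMP makes it unreachable.
SHADOWED='pass in quick proto icmp from any to any
block in quick proto icmp from any to any icmp-type redir'

# Non-quick block followed by a non-quick pass: the pass is the last match and wins.
OVERRIDDEN='block in proto icmp from any to any icmp-type 5
pass in proto icmp from any to any'

# Same rules with "quick" on the block: processing stops at the block.
QUICK_BLOCK='@1 block in quick proto icmp from any to any icmp-type 5
@2 pass in proto icmp from any to any'

# report NAME RULESET_TEXT: print a one-line verdict for a ruleset.
report() {
    if ipf_blocks_icmp_redirect "$2"; then
        echo "$1: inbound ICMP redirects are blocked"
    else
        echo "$1: FINDING, inbound ICMP redirects are not blocked"
    fi
}

report COMPLIANT "$COMPLIANT"
report SHADOWED "$SHADOWED"
report OVERRIDDEN "$OVERRIDDEN"
report QUICK_BLOCK "$QUICK_BLOCK"
```

On a live HP-UX host the function can be fed the real listing with `ipf_blocks_icmp_redirect "$(ipfstat -i)"`; a non-zero exit then corresponds to the finding described in the check text.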