Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22416 | GEN003609 | SV-29719r1_rule | ECSC-1 | Medium |
Description |
---|
ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack. |
STIG | Date |
---|---|
HP-UX 11.31 Security Technical Implementation Guide | 2017-01-27 |
Check Text ( None ) |
---|
None |
Fix Text (F-31870r1_fix) |
---|
Edit /etc/opt/ipf/ipf.conf and add rules to block incoming IPv4 ICMP redirect messages, such as: block in quick proto icmp from any to any icmp-type redir Reload the IPF rules. Flush the rules from your ruleset using the -Fa option. The -A option specifies the active rules list. The -f option specifies the rules configuration file to be used: # ipf -Fa -A -f /etc/opt/ipf/ipf.conf |