Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must not send IPv6 ICMP redirects.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22551 | GEN007880 | SV-26939r1_rule | ECSC-1 | Medium |
| Description |
|---|
| ICMP redirect messages are used by routers to inform hosts of a more direct route existing for a particular destination. These messages contain information from the system's route table possibly revealing portions of the network topology. |
| STIG | Date |
|---|---|
| HP-UX 11.31 Security Technical Implementation Guide | 2017-12-08 |
Details
| Check Text ( C-27887r1_chk ) |
|---|
| Determine if the system is configured to not send IPv6 ICMP redirect messages. # ndd -get /dev/ip6 ip6_send_redirects If the command returns 1, this is a finding. |
| Fix Text (F-24184r1_fix) |
|---|
| Configure the system to not send IPv6 ICMP redirect messages. # ndd -set /dev/ip6 ip6_send_redirects 0 Edit /etc/rc.config.d/nddconf: TRANSPORT_NAME[index]=ip6 NDD_NAME[index]=ip6_send_redirects NDD_VALUE[index]=0 Where: index is the next available integer value of the nddconf file. n is a number: either 1 to turn the feature ON or 0 to turn it OFF. |