
The administrator must ensure that the maximum hop limit is at least 32.


Overview

Finding ID: V-30617
Version: NET-IPV6-059
Rule ID: SV-40390r1_rule
IA Controls:
Severity: Low
Description
The Neighbor Discovery protocol allows routers to advertise a hop limit value in a Router Advertisement message, which hosts then use instead of the standardized default value. If a very small value were configured and advertised to hosts on the LAN segment, communications would fail because the hop limit would reach zero before the packets sent by a host reached their destination.
STIG: Infrastructure Router Security Technical Implementation Guide Juniper
Date: 2018-11-27

Details

Check Text (C-39254r1_chk)
Review the router or multi-layer switch configuration to determine if the default maximum hop limit has been configured. If it has been configured, then it must be set to at least 32.

protocols {
    router-advertisement {
        interface [fe-1/1/1 fe-1/1/2] {
            current-hop-limit 128;
        }
    }
}

Note: The JUNOS default is 64. Hence, if the hop limit is not configured, the router will be in compliance with the requirement.
Fix Text (F-34363r2_fix)
Configure maximum hop limit to at least 32.
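
The check above can be automated against an exported configuration. The following is an added example, not part of the STIG or of Juniper tooling: it assumes the configuration is in curly-brace format, and the sample configuration, interface names and function names are constructed for illustration.

```python
import re

MIN_HOP_LIMIT = 32  # threshold from the check text (Junos default is 64)

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
protocols {
    router-advertisement {
        interface fe-1/1/1.0 {
            current-hop-limit 128;
        }
        interface fe-1/1/2.0 {
            current-hop-limit 8;
            prefix 2001:db8:0:2::/64;
        }
        interface fe-1/1/3.0 {
            prefix 2001:db8:0:3::/64;
        }
    }
}
"""

def ra_hop_limits(config_text):
    """Map each router-advertisement interface to its configured hop limit."""
    stack, limits = [], {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop Junos '#' comments
        if line.endswith("{"):
            stack.append(line[:-1].strip())   # entering a stanza
        elif line == "}":
            if stack:
                stack.pop()                   # leaving a stanza
        else:
            m = re.fullmatch(r"current-hop-limit\s+(\d+);", line)
            in_ra = (len(stack) == 3
                     and stack[:2] == ["protocols", "router-advertisement"]
                     and stack[2].startswith("interface "))
            if m and in_ra:
                limits[stack[2].split(None, 1)[1]] = int(m.group(1))
    return limits

def open_findings(config_text):
    """Interfaces advertising a hop limit below 32. Interfaces without the
    statement are absent here because they inherit the compliant default."""
    return {i: v for i, v in ra_hop_limits(config_text).items()
            if v < MIN_HOP_LIMIT}

if __name__ == "__main__":
    for ifname, value in sorted(open_findings(SAMPLE).items()):
        print(f"FINDING {ifname}: current-hop-limit {value} < {MIN_HOP_LIMIT}")
```

An empty result means no router-advertisement interface advertises a hop limit below 32, including the case where the statement is not configured at all.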