Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The network element must ensure that ICMPv6 unreachable notifications and redirects are disabled on all external facing interfaces.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-14670 | NET-IPV6-016 | SV-15320r1_rule | Medium |
| Description |
|---|
| The Internet Control Message Protocol version 6 (ICMPv6) supports IPv6 traffic by relaying information about paths, routes, and network conditions. Routers automatically send ICMPv6 messages under a wide variety of conditions. ICMPv6 messages are commonly used by attackers for network mapping and diagnosis: Host unreachable, and Redirect. |
| STIG | Date |
|---|---|
| Perimeter L3 Switch Security Technical Implementation Guide | 2017-06-27 |
Details
| Check Text ( C-12786r1_chk ) |
|---|
| Review the active configuration to determine if controls have been defined to ensure router has ICMPv6 unreachables or redirects disabled any external interfaces. |
| Fix Text (F-14131r1_fix) |
|---|
| The network element configuration must be changed to ensure ICMPv6 unreachables and redirects are disabled at all external interfaces. |