Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-30617 | NET-IPV6-059 | SV-40390r1_rule | Low |
Description |
---|
The Neighbor Discovery protocol allows a hop limit value to be advertised by routers in a Router Advertisement message to be used by hosts instead of the standardized default value. If a very small value was configured and advertised to hosts on the LAN segment, communications would fail due to hop limit reaching zero before the packets sent by a host reached its destination. |
STIG | Date |
---|---|
Perimeter Router Security Technical Implementation Guide Juniper | 2017-03-09 |
Check Text ( C-39254r1_chk ) |
---|
Review the router or multi-layer switch configuration to determine if the default maximum hop limit has been configured. If it has been configured, then it must be set to at least 32. protocols { … … router-advertisement { interface [fe-1/1/1 fe-1/1/2] { current-hop-limit 128; } … } } Note: The JUNOS default is 64. Hence, if the hop limit is not configured, the router will be in compliance with the requirement. |
Fix Text (F-34363r2_fix) |
---|
Configure maximum hop limit to at least 32. |