UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The router must be configured to restrict traffic destined to itself.


Overview

Finding ID Version Rule ID IA Controls Severity
V-78215 SRG-NET-000205-RTR-000001 SV-92921r2_rule High
Description
The route processor handles traffic destined to the router—the key component used to build forwarding paths and is also instrumental with all network management functions. Hence, any disruption or DoS attack to the route processor can result in mission critical network outages.
STIG Date
Router Security Requirements Guide 2020-06-30

Details

Check Text ( C-77771r1_chk )
Review the access control list (ACL) or filter for the router receive path and verify that it will only process specific management plane and control plane traffic from specific sources.

If the router is not configured with a receive-path filter to restrict traffic destined to itself, this is a finding.

Note: If the platform does not support the receive path filter, verify that all Layer 3 interfaces have an ingress ACL to control what packets are allowed to be destined to the router for processing.
Fix Text (F-84943r1_fix)
Configure all routers with receive path filters to restrict traffic destined to the router.