Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-48185 | SOL-11.1-050060 | SV-61057r1_rule | Low |
Description |
---|
Multicast echo requests can be useful for reconnaissance of systems and for denial of service attacks. |
STIG | Date |
---|---|
Solaris 11 SPARC Security Technical Implementation Guide | 2017-09-20 |
Check Text ( C-50617r1_chk ) |
---|
Determine if response to multicast echo requests is disabled. # ipadm show-prop -p _respond_to_echo_multicast -co current ipv4 # ipadm show-prop -p _respond_to_echo_multicast -co current ipv6 If the output of all commands is not "0", this is a finding. |
Fix Text (F-51793r1_fix) |
---|
The Network Management profile is required. Disable respond to echo multi-cast for IPv4 and IPv6. # pfexec ipadm set-prop -p _respond_to_echo_multicast=0 ipv4 # pfexec ipadm set-prop -p _respond_to_echo_multicast=0 ipv6 |