
The system must ignore ICMP redirect messages.


Overview

Finding ID: V-216374
Version: SOL-11.1-050070
Rule ID: SV-216374r505927_rule
IA Controls:
Severity: Low
Description
Ignoring ICMP redirect messages reduces the likelihood of denial of service attacks.
STIG: Solaris 11 SPARC Security Technical Implementation Guide
Date: 2020-09-04

Details

Check Text ( C-17610r371210_chk )
Determine if ICMP redirect messages are ignored.

# ipadm show-prop -p _ignore_redirect -co current ipv4
# ipadm show-prop -p _ignore_redirect -co current ipv6

If the output of any of these commands is not "1", this is a finding.
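
The check above can be scripted for repeated audits. The following is an added example, not part of the STIG: it runs the same two ipadm queries and treats an unreadable property as a finding. The function names redirect_value and audit_ignore_redirect are hypothetical.

```shell
#!/bin/sh
# Added example: audit helper for the _ignore_redirect check (not STIG text).

# Print the current _ignore_redirect value for one protocol (ipv4 or ipv6),
# using the same ipadm invocation as the Check Text.
redirect_value() {
    ipadm show-prop -p _ignore_redirect -co current "$1" 2>/dev/null
}

# Audit both protocols. Prints one line per protocol and returns
# 0 when both report "1", 1 when either is a finding.
audit_ignore_redirect() {
    rc=0
    for proto in ipv4 ipv6; do
        # A failed query (no privilege, property missing) yields an empty
        # value, which is reported as a finding rather than skipped.
        value=$(redirect_value "$proto") || value=""
        case "$value" in
            1)  echo "PASS    $proto _ignore_redirect=1" ;;
            "") echo "FINDING $proto _ignore_redirect could not be read"
                rc=1 ;;
            *)  echo "FINDING $proto _ignore_redirect=$value"
                rc=1 ;;
        esac
    done
    return $rc
}

# Run the check with: audit_ignore_redirect
```

A nonzero return from audit_ignore_redirect means at least one protocol needs the Fix Text applied.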
Fix Text (F-17608r371211_fix)
The Network Management profile is required.

Configure the system to ignore ICMP redirects for IPv4 and IPv6.

# pfexec ipadm set-prop -p _ignore_redirect=1 ipv4
# pfexec ipadm set-prop -p _ignore_redirect=1 ipv6