| 1. In the Trend Micro SMS, navigate to "Profiles" and "Inspection Profiles" and select the organization's profile. |
2. If there is not one configured, select "Default".
3. Click "Search".
4. Under "Filter criteria", select all "Filter categories". Select the "Filter Name" section. If the following filter names are not set to Block+Notify, this is a finding:
- 0137: ICMP: Unreachable (All codes)
- 0157: ICMP: Redirect Net
- 0158: ICMP: Redirect Host
- 0159: ICMP: Redirect for TOS and Network
- 0160: ICMP: Redirect for TOS and Host
- 0161: ICMP: Redirect Undefined Code
- 5084: ICMP: Address Mask Request (type 17)
- 41039: ICMP: Address Mask Reply (Type 18)
If there are no ICMP Destination Unreachable, Redirect, and Address Mask reply message policies defined, this is a finding.
Note: If the site has set up a security profile (i.e., not using the default profile), then this should be inspected using the site's SSP for compliance.