UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must not send IPv4 ICMP redirects.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22417 GEN003610 SV-26081r1_rule ECSC-1 Medium
Description
ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table that could reveal portions of the network topology.
STIG Date
UNIX SRG 2013-03-26

Details

Check Text ( C-29256r1_chk )
Determine if the system is configured to send IPv4 ICMP redirect messages. Consult vendor documentation to determine if the system originates IPv4 ICMP redirect messages and if a specific configuration setting is present and configured correctly. If no configuration is available, determine if the local firewall is configured to block IPv4 ICMP redirects originating from the system.

If the system originates IPv4 ICMP redirect messages, and is not prevented from sending them through configuration or local firewall settings, this is a finding.
Fix Text (F-26275r1_fix)
Configure the system to not send IPv4 ICMP redirect messages. Consult vendor documentation for the procedures for configuring the system configuration setting or adding a local firewall rule to prevent the sending of these messages.