Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-239177 | PHTN-67-000106 | SV-239177r816660_rule | Medium |
Description |
---|
ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack. |
STIG | Date |
---|---|
VMware vSphere 6.7 Photon OS Security Technical Implementation Guide | 2022-01-03 |
Check Text ( C-42388r675337_chk ) |
---|
At the command line, execute the following command: # /sbin/sysctl -a --pattern "net.ipv4.conf.(all|default|eth.*).accept_redirects" Expected result: net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.default.accept_redirects = 0 net.ipv4.conf.eth0.accept_redirects = 0 If the output does not match the expected result, this is a finding. Note: The number of "ethx" lines returned is dependent on the number of interfaces. Every "ethx" entry must be set to "0". |
Fix Text (F-42347r816659_fix) |
---|
Open /etc/sysctl.conf with a text editor. Add or update the following lines: net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.default.accept_redirects = 0 net.ipv4.conf.eth0.accept_redirects = 0 Run the following command to load the new setting: # /sbin/sysctl --load |