DISA STIGS Viewer

The BGP router must be configured to reject inbound route advertisements for any Bogon prefixes.

Overview

Finding ID Version Rule ID IA Controls Severity
V-207098 SRG-NET-000018-RTR-000002 SV-207098r604135_rule   Medium
Description
Accepting route advertisements for Bogon prefixes can result in the local autonomous system (AS) becoming a transit for malicious traffic as it will in turn advertise these prefixes to neighbor autonomous systems.
STIG Date
Router Security Requirements Guide 2024-05-28

Details

Check Text (C-7359r382139_chk)
Review the router configuration to verify that it will reject routes of any Bogon prefixes.

The prefix filter must be referenced inbound on the appropriate BGP neighbor statements.

If the router is not configured to reject inbound route advertisements for any Bogon prefixes, this is a finding.
Fix Text (F-7359r382140_fix)
Ensure all eBGP routers are configured to reject inbound route advertisements for any Bogon prefixes.