Check: GEN003610
AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE:
GEN003610
(in versions v1 r14 through v1 r10)
Title
The system must not send IPv4 ICMP redirects. (Cat II impact)
Discussion
ICMP redirect messages are used by routers to inform hosts a more direct route exists for a particular destination. These messages contain information from the system's route table possibly revealing portions of the network topology.
Check Content
# /usr/sbin/no -o ipsendredirects If the value is not 0, this is a finding.
Fix Text
#/usr/sbin/no -p -o ipsendredirects=0
Additional Identifiers
Rule ID: SV-38802r1_rule
Vulnerability ID: V-22417
Group Title: GEN003610
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-001551 |
The organization defines approved authorizations for controlling the flow of information between interconnected systems. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| AC-4 |
Information Flow Enforcement |