Check: GEN003609
HP-UX 11.23 STIG:
GEN003609
(in version v1 r8)
Title
The system must ignore IPv4 ICMP redirect messages. (Cat II impact)
Discussion
ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
Check Content
Determine if the system is configured to block inbound IPv4 ICMP redirect messages. # ipfstat -i Examine the list for a rule such as: block in quick proto icmp from any to any icmp-type redir If the listed rules do not block inbound IPv4 ICMP redirect messages, this is a finding.
Fix Text
Edit /etc/opt/ipf/ipf.conf and add rules to block incoming IPv4 ICMP redirect messages, such as: block in quick proto icmp from any to any icmp-type redir Reload the IPF rules. Flush the rules from your ruleset using the -Fa option. The -A option specifies the active rules list. The -f option specifies the rules configuration file to be used: # ipf -Fa -A -f /etc/opt/ipf/ipf.conf
Additional Identifiers
Rule ID: SV-29719r1_rule
Vulnerability ID: V-22416
Group Title: GEN003609
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001503 |
The organization controls changes to the configuration settings in accordance with organizational policies and procedures. |
| CCI-001551 |
The organization defines approved authorizations for controlling the flow of information between interconnected systems. |