Check: GEN003609
HP-UX 11.31 STIG:
GEN003609
(in versions v1 r19 through v1 r13)
Title
The system must ignore IPv4 ICMP redirect messages. (Cat II impact)
Discussion
ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
Check Content
Determine if the system is configured to block inbound IPv4 ICMP redirect messages. # ipfstat -i Examine the list for a rule such as: block in quick proto icmp from any to any icmp-type redir If the listed rules do not block inbound IPv4 ICMP redirect messages, this is a finding.
Fix Text
Edit /etc/opt/ipf/ipf.conf and add rules to block incoming IPv4 ICMP redirect messages, such as: block in quick proto icmp from any to any icmp-type redir Reload the IPF rules. Flush the rules from your ruleset using the -Fa option. The -A option specifies the active rules list. The -f option specifies the rules configuration file to be used: # ipf -Fa -A -f /etc/opt/ipf/ipf.conf
Additional Identifiers
Rule ID: SV-29719r1_rule
Vulnerability ID: V-22416
Group Title: GEN003609
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001503 |
The organization controls changes to the configuration settings in accordance with organizational policies and procedures. |
| CCI-001551 |
The organization defines approved authorizations for controlling the flow of information between interconnected systems. |