Check: OSX00465 M6
MACOSX 10.6: OSX00465 M6 (in version v1 r3)
Title
Stealth Mode must be enabled on the firewall. (Cat II impact)
Discussion
Enable Stealth Mode to prevent the computer from sending responses to uninvited traffic.
Check Content
Open a terminal session and enter the following command.

```
sudo ipfw print
```

If no line contains "deny icmp from any to me in icmptypes 8" or a more restrictive rule, this is a finding.
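A scripted version of this check, as an added example that is not part of the STIG. The function name, the status codes, the forms it accepts as "more restrictive", and the sample listings are assumptions made for illustration; it also reports when a broad allow rule with a lower number would match before the deny rule.

```shell
#!/bin/sh
# Added example, not part of the STIG. Reads `ipfw print` output on stdin.
# Return status: 0 = not a finding, 1 = finding (no matching deny rule),
#                2 = rule present but an earlier broad allow matches first.
check_stealth_rule() {
    awk '
    {
        num = $1; action = $2; body = ""
        for (i = 3; i <= NF; i++) body = body (i > 3 ? " " : "") $i
    }
    # The required rule, or the same match without the icmptypes filter
    # (assumption: counted as more restrictive because it drops all ICMP).
    action == "deny" && !has_deny &&
    (body == "icmp from any to me in icmptypes 8" ||
     body == "icmp from any to me in" || body == "icmp from any to any") {
        has_deny = 1; deny_num = num
    }
    # ipfw acts on the first matching allow/deny rule, so a broad allow
    # with a lower number keeps the deny rule from ever being reached.
    # Assumption: only these three broad forms are recognised.
    action == "allow" && !has_deny && !has_shadow &&
    (body == "ip from any to any" || body == "icmp from any to any" ||
     body == "icmp from any to me") {
        has_shadow = 1; shadow_num = num
    }
    END {
        if (!has_deny) { print "finding: no deny rule for inbound echo requests"; exit 1 }
        if (has_shadow) { print "review: rule " deny_num " follows allow rule " shadow_num; exit 2 }
        print "not a finding: rule " deny_num
    }'
}

# Constructed sample listings (not captured from a real host).
SAMPLE_OK='00020 deny icmp from any to me in icmptypes 8
65535 allow ip from any to any'
SAMPLE_MISSING='65535 allow ip from any to any'
SAMPLE_SHADOWED='00010 allow ip from any to any
00020 deny icmp from any to me in icmptypes 8
65535 allow ip from any to any'

printf '%s\n' "$SAMPLE_OK" | check_stealth_rule
```

On the host, pipe the live listing into the function: `sudo ipfw print | check_stealth_rule`.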
Fix Text
Open a terminal session and edit or create /Library/LaunchDaemons/org.freebsd.ipfw.plist and ensure it contains the following.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>org.freebsd.ipfw</string>
    <key>Program</key>
    <string>/sbin/ipfw</string>
    <key>ProgramArguments</key>
    <array>
        <string>/sbin/ipfw</string>
        <string>/etc/ipfw.conf</string>
    </array>
    <key>RunAtLoad</key>
    <true />
</dict>
</plist>
```

Edit or create /etc/ipfw.conf and ensure it contains the following line (the first number, a line number, may need to be changed if another line already begins with that number).

```
add 20 deny icmp from any to me in icmptypes 8
```
Additional Identifiers
Rule ID: SV-37266r1_rule
Vulnerability ID: V-25337
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |