Check: SOL-11.1-050060
Solaris 11 SPARC STIG:
SOL-11.1-050060
(in versions v2 r10 through v1 r10)
Title
The system must not respond to multicast echo requests. (Cat III impact)
Discussion
Multicast echo requests can be useful for reconnaissance of systems and for denial of service attacks.
Check Content
Determine if response to multicast echo requests is disabled. # ipadm show-prop -p _respond_to_echo_multicast -co current ipv4 # ipadm show-prop -p _respond_to_echo_multicast -co current ipv6 If the output of all commands is not "0", this is a finding.
Fix Text
The Network Management profile is required. Disable respond to echo multi-cast for IPv4 and IPv6. # pfexec ipadm set-prop -p _respond_to_echo_multicast=0 ipv4 # pfexec ipadm set-prop -p _respond_to_echo_multicast=0 ipv6
Additional Identifiers
Rule ID: SV-216373r603267_rule
Vulnerability ID: V-216373
Group Title: SRG-OS-000480
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |