AIX must not respond to ICMPv6 echo requests sent to a broadcast address.
An XCCDF Rule
Description
Responding to broadcast ICMP echo requests facilitates network mapping and provides a vector for amplification attacks.
- ID
- SV-215430r991589_rule
- Version
- AIX7-00-003135
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Configure the system to not respond to IPv6 multicast ICMP ECHO_REQUESTs by running:
# /usr/sbin/no -p -o bcastping=0