TOSS must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted.

An XCCDF Rule

Details
Profiles

Description

ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.

ID: SV-253130r991589_rule
Version: TOSS-04-040890
Severity: Medium
References: CCI-000366
Updated: 4 days ago

Remediation Templates

Configure TOSS to prevent IPv4 ICMP redirect messages from being accepted with the following command:

$ sudo sysctl -w net.ipv4.conf.default.accept_redirects=0

If "0" is not the system's default value then add or update the following line in the appropriate file under "/etc/sysctl.d":

net.ipv4.conf.default.accept_redirects=0

TOSS must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted.

Description

Remediation Templates

A Manual Procedure