RHEL 9 must not respond to Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.

An XCCDF Rule

Details
Profiles

Description

Responding to broadcast (ICMP) echoes facilitates network mapping and provides a vector for amplification attacks. Ignoring ICMP echo requests (pings) sent to broadcast or multicast addresses makes the system slightly more difficult to enumerate on the network.

ID: SV-257966r991589_rule
Version: RHEL-09-253055
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

Configure RHEL 9 to not respond to IPv4 ICMP echoes sent to a broadcast address.

Add or edit the following line in a single system configuration file, in the "/etc/sysctl.d/" directory:

net.ipv4.icmp_echo_ignore_broadcasts = 1
Load settings from all system configuration files with the following command:

$ sudo sysctl --system

RHEL 9 must not respond to Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.

Description

Remediation Templates

A Manual Procedure