The SUSE operating system must not respond to Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.

An XCCDF Rule

Description

Responding to broadcast (ICMP) echoes facilitates network mapping and provides a vector for amplification attacks.

ID: SV-217290r991589_rule
Version: SLES-12-030380
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

Configure the SUSE operating system to the required kernel parameter by adding the following line to "/etc/sysctl.conf" (or modify the line to have the required value):

net.ipv4.icmp_echo_ignore_broadcasts = 1

Run the following command to apply this value:

# sysctl --system