The system must not respond to ICMP broadcast netmask requests.
An XCCDF Rule
Description
By determining the netmasks of various computers in your network, an attacker can better map your subnet structure and infer trust relationships.
- ID: SV-216371r959010_rule
- Version: SOL-11.1-050040
- Severity: Low
- References
- Updated
Remediation Templates
A Manual Procedure
The Network Management profile is required.
Disable responses to address mask broadcast.
# pfexec ipadm set-prop -p _respond_to_address_mask_broadcast=0 ip
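
To confirm the setting after applying the procedure above, the following is an added example, not part of the original rule text. It assumes that `ipadm show-prop -p _respond_to_address_mask_broadcast -co current,persistent,default ip` prints one colon-separated line and that an unset persistent value appears as an empty field or `--`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify _respond_to_address_mask_broadcast is 0 now
# and will still be 0 after a reboot.
PROP=_respond_to_address_mask_broadcast

# classify_addrmask "current:persistent:default"
# Prints a verdict; returns 0 PASS, 1 FINDING, 2 ERROR, 3 WARN.
classify_addrmask() {
    IFS=: read -r current persistent default <<EOF
$1
EOF
    # The property is boolean; anything else means the line was not parsed.
    case "$current:$default" in
        [01]:[01]) ;;
        *) echo "ERROR: unexpected ipadm output"; return 2 ;;
    esac
    # Value used after reboot: the persistent one if set, else the default.
    # Assumption: an unset persistent field is empty or "--".
    case "$persistent" in
        ''|--) boot=$default ;;
        *)     boot=$persistent ;;
    esac
    if [ "$current" != 0 ]; then
        echo "FINDING: $PROP is $current on the running system"
        return 1
    fi
    if [ "$boot" != 0 ]; then
        echo "WARN: $PROP is 0 now but will be $boot after reboot"
        return 3
    fi
    echo "PASS"
    return 0
}

# audit_addrmask: query the live system (Solaris 11) and classify the result.
audit_addrmask() {
    command -v ipadm >/dev/null 2>&1 || { echo "ERROR: ipadm not found"; return 2; }
    out=$(ipadm show-prop -p "$PROP" -co current,persistent,default ip) || return 2
    classify_addrmask "$out"
}
```

Run `audit_addrmask` on the host; the WARN case covers a value that was changed only temporarily (for example with `ipadm set-prop -t`) and would not survive a reboot.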