The system must not respond to broadcast ICMP echo requests.

An XCCDF Rule

Description

ICMP echo requests can be useful for reconnaissance of systems and for denial of service attacks.

ID: SV-216372r959010_rule
Version: SOL-11.1-050050
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

The Network Management profile is required.

Disable respond to echo broadcast.

# pfexec ipadm set-prop -p _respond_to_echo_broadcast=0 ip