The system must not respond to multicast echo requests.

An XCCDF Rule

Description

Multicast echo requests can be useful for reconnaissance of systems and for denial of service attacks.

ID: SV-216136r959010_rule
Version: SOL-11.1-050060
Severity: Low
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

The Network Management profile is required.

Disable respond to echo multi-cast for IPv4 and IPv6.

# pfexec ipadm set-prop -p _respond_to_echo_multicast=0 ipv4
# pfexec ipadm set-prop -p _respond_to_echo_multicast=0 ipv6