The Photon operating system must not respond to IPv4 Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.
An XCCDF Rule
Description
Responding to broadcast (ICMP) echoes facilitates network mapping and provides a vector for amplification attacks.
- ID
- SV-256568r991589_rule
- Version
- PHTN-30-000099
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
At the command line, run the following commands:
# sed -i -e "/^net.ipv4.icmp_echo_ignore_broadcasts/d" /etc/sysctl.conf
# echo net.ipv4.icmp_echo_ignore_broadcasts=1>>/etc/sysctl.conf
# /sbin/sysctl --load