The Photon operating system must not respond to IPv4 Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-256568 | SRG-OS-000480-GPOS-00227 | PHTN-30-000099 | SV-256568r991589_rule | 2024-12-16 | 1 |
| Description |
|---|
| Responding to broadcast (ICMP) echoes facilitates network mapping and provides a vector for amplification attacks. |
| ℹ️ Check |
|---|
| At the command line, run the following command: # /sbin/sysctl -a --pattern ignore_broadcasts Expected result: net.ipv4.icmp_echo_ignore_broadcasts = 1 If the output does not match the expected result, this is a finding. |
| ✔️ Fix |
|---|
| At the command line, run the following commands: # sed -i -e "/^net.ipv4.icmp_echo_ignore_broadcasts/d" /etc/sysctl.conf # echo net.ipv4.icmp_echo_ignore_broadcasts=1>>/etc/sysctl.conf # /sbin/sysctl --load |