3.10 Disable Response to Multicast Echo Request - current ipv4 = 0

Information

These settings control whether Solaris responds to multicast IPv4 and IPv6 echo requests.

Reduce attack surface by restricting this vector used for host discovery and to prevent denial of service attacks.

Solution

To enforce this setting for IPv4 packets, use the command:
# ipadm set-prop -p _respond_to_echo_multicast=0 ipv4

To enforce this setting for IPv6 packets, use the command:
# ipadm set-prop -p _respond_to_echo_multicast=0 ipv6

See Also

https://workbench.cisecurity.org/files/612

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(12), CSCv6|9.2

Plugin: Unix

Control ID: 83755c6c89c9d95318687302205601ddbdbff881d94624a397c2b0366d10a2db