3.10 Disable Response to Multicast Echo Request - persistent ipv4 = 0

Information

These settings control whether Solaris responds to multicast IPv4 and IPv6 echo requests.

Reduce attack surface by restricting this vector used for host discovery and to prevent
denial of service attacks.

Solution

To enforce this setting for IPv4 packets, use the command-# ipadm set-prop -p _respond_to_echo_multicast=0 ipv4To enforce this setting for IPv6 packets, use the command-# ipadm set-prop -p _respond_to_echo_multicast=0 ipv6

See Also

https://workbench.cisecurity.org/files/616

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(12), CSCv6|9.2

Plugin: Unix

Control ID: 459bfd547e1b59e86cc67910d86fe3840acc811e2bc578f19179bbc159c31904