3.8 Disable Response to ICMP Broadcast Netmask Requests - current ip = 0

Information

This setting controls whether Solaris will respond to ICMP broadcast netmask requests.

Reduce attack surface by restricting this vector used for host and network discovery and to prevent denial of service attacks.

Solution

To enforce this setting, use the command:
# ipadm set-prop -p _respond_to_address_mask_broadcast=0 ip

See Also

https://workbench.cisecurity.org/files/611

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(12), CSCv6|9.2

Plugin: Unix

Control ID: 9c23957acb31f8a135a67de14d4a100a41824aad9cf917c17617a988a9016fc4