GEN007880 - The system must not send IPv6 ICMP redirects.

Information

ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table that could reveal portions of the network topology.

Solution

Configure the system to not send IPv6 ICMP redirects.
# /usr/sbin/no -p -o ipsendredirects=0

See Also

http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-4, CAT|II, CCI|CCI-001551, Rule-ID|SV-38826r1_rule, STIG-ID|GEN007880, Vuln-ID|V-22551

Plugin: Unix

Control ID: ff12f4da9854b0cbc4621ed61bdb105e5e7b5eb969afdeaf557afdd2d8dc8ab8