GEN007880 - The system must not send IPv6 ICMP redirects.

Information

ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table that could reveal portions of the network topology.

Solution

Configure the system to not send IPv6 ICMP redirects.
# /usr/sbin/no -p -o ipsendredirects=0

See Also

https://iasecontent.disa.mil/stigs/zip/U_AIX_6-1_V1R14_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-4, CAT|II, CCI|CCI-001551, Group-ID|V-22551, Rule-ID|SV-38826r1_rule, STIG-ID|GEN007880, Vuln-ID|V-22551

Plugin: Unix

Control ID: 441ec50dd5ad7c87361ed4ac8df7fdb1bf6b0844c2b1fecdcb877029c5b0dee9