NET-IPV6-016 - ICMPv6 unreachable notifications and redirects must be disabled - 'Null0 - no ipv6 unreachables'

Information

The network element must be configured so that ICMPv6 unreachable notifications and redirects are disabled on all external-facing interfaces.

The Internet Control Message Protocol version 6 (ICMPv6) supports IPv6 traffic by relaying information about paths, routes, and network conditions. Routers automatically send ICMPv6 messages under a wide variety of conditions. The ICMPv6 messages commonly used by attackers for network mapping and diagnosis are Host unreachable and Redirect.

Solution

The network element configuration must be changed to ensure ICMPv6 unreachables and redirects are disabled at all external interfaces.
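One way to verify this setting offline against a saved configuration, as an added example that is not part of the STIG or the audit plugin. It assumes Cisco IOS running-config syntax and that the caller supplies the list of external interfaces; the function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample IOS configuration (not from the page). Which interfaces
# count as external is site-specific, so the caller passes them in.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 description constructed external uplink
 ipv6 address 2001:db8:0:1::1/64
 no ipv6 redirects
!
interface GigabitEthernet0/1
 description constructed external uplink
 ipv6 address 2001:db8:0:2::1/64
 no ipv6 unreachables
 no ipv6 redirects
!
interface Null0
 no ipv6 unreachables
!
"""

REQUIRED = ("no ipv6 unreachables", "no ipv6 redirects")

def parse_interfaces(config):
    """Map each interface name to the list of its stripped sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any unindented line ends the interface block
    return interfaces

def audit(config, external, null_if="Null0"):
    """Return {interface: [missing commands]} for non-compliant interfaces."""
    interfaces = parse_interfaces(config)
    findings = {}
    for name in external:
        cmds = interfaces.get(name, [])
        missing = [c for c in REQUIRED if c not in cmds]
        if missing:
            findings[name] = missing
    # Null0 is checked for unreachables only, as in this check's title.
    if "no ipv6 unreachables" not in interfaces.get(null_if, []):
        findings[null_if] = ["no ipv6 unreachables"]
    return findings
```

An external interface that is named by the caller but absent from the configuration is reported as missing both commands, so a typo in the interface list fails closed.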

See Also

https://iasecontent.disa.mil/stigs/zip/U_Network_Perimeter_Router_L3_Switch_V8R32_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(16), CAT|II, Rule-ID|SV-15320r2_rule, STIG-ID|NET-IPV6-016, Vuln-ID|V-14670

Plugin: Cisco

Control ID: ea5af324f42c49cc43ff122045cb198f1906d2416ed2c68d1e0aec31c64209e9