CPM Filtering: Filter for ICMP - dest-unreachable

Information

CPM filters are used to restrict (or, in combination with cpm-queues, rate limit) traffic destined to the CPU on the SF/CPM, including routing protocols. These filters are implemented in TiMOS/SR-OS such that evaluation stops at the first matching entry and that entry's action is performed. It is therefore critical that filter entries be properly sequenced from most to least explicit; otherwise a broader entry placed earlier will match first and the more explicit entry after it will never be evaluated. The CPM filters are dedicated ACL-like filters that act only on control traffic that is extracted from the data plane and sent to the CPM for processing.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Consult the TiMOS/SR-OS Security Best Practices Guide for more information on this topic. The TiMOS/SR-OS Security Best Practices Guide is available from the Nokia/Alcatel-Lucent Customer Support Portal at https://support.alcatel-lucent.com/portal/web/support.

See Also

https://infoproducts.alcatel-lucent.com/aces/cgi-bin/dbaccessfilename.cgi/9305050101_V1_SR-OS Security Best Practices v2.0.pdf

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-5

Plugin: Alcatel

Control ID: eb4be77ad8c3cd1137b10ea13f913de90ea2c5c2ec9c2b9dc87070ebe8bf76da