Details

The ROSNG system product no longer uses U to respond to the icmp request.



Use icmp unreachable and change the source address to the address of the attacking device to prevent smurf attack


Solution

ZXR10#config terminal
ZXR10 (config)#icmp-config
ZXR10 (config-icmp)# interface fei-0/2/1/7
ZXR10 (config-icmp-if)#no ip unreachable
ZXR10 (config-icmp-if)#no ipv6 unreachable
ZXR10 (config-icmp-if)#end


Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system ZTE_ROSNG.


References


Source