Disable the IP Unreachable Function

Gavin M. Dennis

22 April 2022 00:20

Details

The ROSNG system product no longer uses U to respond to the icmp request.

Use icmp unreachable and change the source address to the address of the attacking device to prevent smurf attack

Solution

ZXR10#config terminal
ZXR10 (config)#icmp-config
ZXR10 (config-icmp)# interface fei-0/2/1/7
ZXR10 (config-icmp-if)#no ip unreachable
ZXR10 (config-icmp-if)#no ipv6 unreachable
ZXR10 (config-icmp-if)#end

Supportive Information

The following resource is also helpful.

https://support.zte.com.cn/support/doccenter/DocumentProductHandBookDetail.aspx?sid=102&id=30768582&type=docfeedback

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system ZTE_ROSNG.

References

800-53|CM-7b.

Source

Tenable.com/audits

PS. Before you go.

Request a quote to protect your organisation from cyber attacks and breaches.

Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Articles in this section