Prohibit unicast response to multicast or broadcast requests - Standard Profile
|ID: oval:gov.nist.USGCB.xpfirewall:def:5111||Date: (C)2012-04-13 (M)2017-07-28|
|Class: COMPLIANCE||Family: windows|
The Windows Firewall: Prohibit unicast response to multicast or broadcast requests setting prevents a computer from receiving unicast responses to its outgoing multicast or broadcast messages. When this policy setting is enabled and the computer sends multicast or broadcast messages to other computers, Windows Firewall blocks the unicast responses sent by those other computers. When the setting is disabled and this computer sends a multicast or broadcast message to other computers, Windows Firewall waits up to three seconds for unicast responses from the other computers and then blocks all later responses. Typically, you would not want to receive unicast responses to multicast or broadcast messages. Such responses can indicate a denial of service (DoS) attack or an attacker attempting to probe a known live computer. This appendix recommends you configure this policy setting to Enabled to help prevent this type of attack.

Note: This policy setting has no effect if the unicast message is a response to a Dynamic Host Configuration Protocol (DHCP) broadcast message sent by the computer. Windows Firewall always permits those DHCP unicast responses. However, this policy setting can interfere with the NetBIOS messages that detect name conflicts.
|Microsoft Windows XP|