[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

111604

 
 

909

 
 

87185

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-45279-7

Platform: win2016Date: (C)2017-08-03   (M)2018-07-10



"MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes Vulnerability: This behavior is expected. The problem is that the 10 minute time-out period for the ICMP redirect-plumbed routes temporarily creates a network situation in which traffic will no longer be routed properly for the affected host. Counter Measure: Configure the MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes entry to a value of Disabled. The possible values for this registry entry are: * 1 or 0. The default configuration is 1 (enabled). In the SCE UI, these options appear as: * Enabled * Disabled * Not Defined Potential Impact: When Routing and Remote Access Service (RRAS) is configured as an autonomous system boundary router (ASBR), it does not correctly import connected interface subnet routes. Instead, this router injects host routes into the OSPF routes. However, the OSPF router can not be used as an ASBR router, and when connected interface subnet routes are imported into OSPF the result is confusing routing tables with strange routing paths.


Parameter: EnableICMPRedirect


Technical Mechanism: Fix: (1) GPO: Computer Configuration\Administrative Templates\MSS (Legacy) (2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters!EnableICMPRedirect

References:

Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:40331


OVAL    1
oval:org.secpod.oval:def:40331
XCCDF    5
xccdf_org.secpod_benchmark_general_Windows_Server_2016
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_Server_2016
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_Server_2016
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_Server_2016
...

© SecPod Technologies