|Platform: macosx10.10||Date: (C)2015-06-23 (M)2018-03-17|
Drop Incoming ICMPv4 Redirect Messages
ICMP redirects are broadcast in order to reshape network traffic. A malicious user could craft fake redirect packets and try to force all network traffic to pass through a network sniffer. If the system is not configured to ignore these packets, it could be suspectible to this kind of attack.
To check if the system is configured to ignore ICMP redirect messages, run the following command:
If the value is not '1', this is a finding.
|SCAP Repo OVAL Definition||oval:org.secpod.oval:def:25093|