The firewall implementation must protect against "Ping of Death" (oversized ICMP echo request) attacks.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000362-FW-000232 | SRG-NET-000362-FW-000232 | SRG-NET-000362-FW-000232_rule | Medium |
| Description |
|---|
| Denial of Service is a condition when a resource is not available for legitimate users. The "Ping of Death" is a malformed (oversized) ICMP echo request. An oversized ICMP echo request packet can cause a variety of adverse reactions such as crashing, freezing, or rebooting. This results in a denial of service. |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2014-07-07 |
Details
| Check Text ( C-SRG-NET-000362-FW-000232_chk ) |
|---|
| Review the configuration of the firewall implementation. If measures have been configured to negate or mitigate the effects of a Ping of Death attack, this is not a finding. |
| Fix Text (F-SRG-NET-000362-FW-000232_fix) |
|---|
| Configure measures to block oversized ICMP echo request packets. |