The Juniper router must be configured to have Gratuitous ARP disabled on all external interfaces.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-254032 | JUEX-RT-000600 | SV-254032r844129_rule | Medium |
| Description |
|---|
| A gratuitous ARP is an ARP broadcast in which the source and destination MAC addresses are the same. It is used to inform the network about a host IP address. A spoofed gratuitous ARP message can cause network mapping information to be stored incorrectly, causing network malfunction. |
| STIG | Date |
|---|---|
| Juniper EX Series Switches Router Security Technical Implementation Guide | 2023-03-23 |
Details
| Check Text ( C-57484r844127_chk ) |
|---|
| Review the configuration to determine if gratuitous ARP is disabled on all external interfaces. [edit interfaces] no-gratuitous-arp-reply; no-gratuitous-arp-request; unit family inet { address } family inet6 { address } } } If gratuitous ARP is enabled on any external interface, this is a finding. |
| Fix Text (F-57435r844128_fix) |
|---|
| Disable gratuitous ARP on all external interfaces. set interfaces set interfaces set interfaces set interfaces |