The perimeter router must be configured to block inbound packets with source Bogon IP address prefixes.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-78239 | SRG-NET-000364-RTR-000110 | SV-92945r1_rule | Medium |
| Description |
|---|
| Packets with Bogon IP source addresses should never be allowed to traverse the IP core. Bogon IP networks are RFC1918 addresses or address blocks that have never been assigned by the IANA or have been reserved. |
| STIG | Date |
|---|---|
| Router Security Requirements Guide | 2018-01-26 |
Details
| Check Text ( C-77795r1_chk ) |
|---|
| This requirement is not applicable for the DoDIN Backbone. Review the router configuration to verify that an ingress access control list (ACL) is applied to all external interfaces. Verify that the ingress ACL is blocking packets with Bogon source addresses. If the router is not configured to block inbound packets with source Bogon IP address prefixes, this is a finding. |
| Fix Text (F-84967r1_fix) |
|---|
| This requirement is not applicable for the DoDIN Backbone. Configure the perimeter to block inbound packets with Bogon source addresses. |