The RUCKUS ICX router must be configured to have Internet Control Message Protocol (ICMP) redirects disabled on all external interfaces.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-273633 | RCKS-RTR-000660 | SV-273633r1110939_rule | CCI-002385 | medium |
| Description | ||||
| The ICMP supports IP traffic by relaying information about paths, routes, and network conditions. Routers automatically send ICMP messages under a wide variety of conditions. Redirect ICMP messages are commonly used by attackers for network mapping and diagnosis. | ||||
| STIG | Date | |||
| RUCKUS ICX Router Security Technical Implementation Guide | 2025-06-03 | |||
Related Frameworks
2 paths across 2 frameworks
Related Frameworks
NIST 800-531 mapping
SC-5
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI1 mapping
CCI-002385
1.00
- DISA · V1R1 · disa_xccdf · related
Details
Check Text (C-273633r1110939_chk)
The RUCKUS ICX router disables ICMP redirect messages by default.
Review the configuration to verify the following command is not present:
ip icmp redirects
If the command above is present, this is a finding.
Fix Text (F-77629r1109920_fix)
Disable ICMP redirect messages:
ICX(config)#no ip icmp redicts