Deny ICMPv4 Echoes to Broadcast Address

Responses to broadcast Internet Control Message Protocol (ICMP) echoes provide a vector for amplification attacks and can facilitate network mapping by malicious agents. Configuring your system to ignore ICMPv4 echoes sent to the broadcast address provides protection against such attacks.
  1. Run the following command to verify that the system is not sending responses to ICMP broadcast address echo requests.
    # cat /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
  2. Configure the host system to deny ICMPv4 broadcast address echo requests.
    1. Open the /etc/sysctl.conf file in a text editor.
    2. If the value for this entry is not set to 1, add the net.ipv4.icmp_echo_ignore_broadcasts=1 entry.
    3. Save the changes and close the file.
    4. Run the following command to apply the configuration.
      # sysctl -p
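
Step 1 checks only the running kernel, while step 2 controls what is applied on the next reload, so the two can disagree. The following script is an added example, not part of the original procedure, that audits both; the function names and the constructed sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit the running and the
# persistent value of net.ipv4.icmp_echo_ignore_broadcasts.
KEY="net.ipv4.icmp_echo_ignore_broadcasts"

# Print the value the given sysctl config files leave KEY at. Files are read
# in the order given and the last uncommented assignment wins, so a stray
# "=0" further down overrides an earlier "=1". Prints nothing if unset.
persistent_value() {
    for f in "$@"; do
        if [ -r "$f" ]; then cat "$f"; fi
    done | awk -v key="$KEY" '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        {
            line = $0
            gsub(/[ \t]/, "", line)            # "key = 1" -> "key=1"
            n = index(line, "=")
            if (n > 0 && substr(line, 1, n - 1) == key) val = substr(line, n + 1)
        }
        END { if (val != "") print val }'
}

# audit_icmp_broadcast RUNTIME_FILE CONF_FILE...
# Returns 0 only when the running value and the persistent value are both 1.
audit_icmp_broadcast() {
    runtime_file=$1; shift
    runtime=$(cat "$runtime_file" 2>/dev/null || echo unreadable)
    persistent=$(persistent_value "$@")
    rc=0
    [ "$runtime" = "1" ] || rc=1
    [ "$persistent" = "1" ] || rc=1
    echo "runtime=$runtime persistent=${persistent:-unset}"
    return "$rc"
}

# Constructed sample: a running value of 1 with a config file that sets the
# key to 1 and then back to 0, so the protection is lost on the next reload.
sample_dir=$(mktemp -d)
echo 1 > "$sample_dir/runtime"
printf '%s\n' "# hardening" "$KEY = 1" "$KEY=0" > "$sample_dir/sysctl.conf"
audit_icmp_broadcast "$sample_dir/runtime" "$sample_dir/sysctl.conf" \
    || echo "FAIL: $KEY is not set to 1 both now and after reload"
rm -rf "$sample_dir"
```

On a real host, pass /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts as the runtime file and /etc/sysctl.conf as the configuration file.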