Documentation - V-254046

V-254046

Juniper EX Series Switches Router Security Technical Implementation Guide

CAT II

Title

The Juniper perimeter router must be configured to block inbound packets with source Bogon IP address prefixes.

Description

<VulnDiscussion>Bogons include IP packets on the public internet that contain addresses that are not in any range allocated or delegated by the Internet Assigned Numbers Authority (IANA) or a delegated regional Internet registry (RIR) and allowed for public internet use. Bogons also include multicast, IETF reserved, and special purpose address space as defined in RFC 6890. Security of the internet's routing system relies on the ability to authenticate an assertion of unique control of an addres...

Fix Text (Documentation Requirement)

This requirement is not applicable for the DODIN Backbone. Configure the router to block inbound packets with Bogon source addresses. Example Bogon prefix lists: set policy-options prefix-list bogon-ipv4 0.0.0.0/8 set policy-options prefix-list bogon-ipv4 10.0.0.0/8 set policy-options prefix-list bogon-ipv4 100.64.0.0/10 set policy-options prefix-list bogon-ipv4 127.0.0.0/8 set policy-options prefix-list bogon-ipv4 169.254.0.0/16 set policy-options prefix-list bogon-ipv4 172.16.0.0/12 set policy-options prefix-list bogon-ipv4 192.0.0.0/24 set policy-options prefix-list bogon-ipv4 192.0.2.0/24 set policy-options prefix-list bogon-ipv4 192.88.99.0/24 set policy-options prefix-list bogon-ipv4 192.168.0.0/16 set policy-options prefix-list bogon-ipv4 198.18.0.0/15 set policy-options prefix-l...

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel