Details

ACLs (filters) can be used is to mitigate attacks at the data plane. Based on RFC1918/3330 certain blocks of IPs were designated for private networks and as such should not be routed on the Internet.

Solution

Run the following command on the device to configure these ACLs:
configure filter ip-filter entry create
description
match src-ip /
action drop
exit

Supportive Information

The following resource is also helpful.

• https://infoproducts.alcatel-lucent.com/aces/cgi-bin/dbaccessfilename.cgi/9305050101_V1_SR-OS Security Best Practices v2.0.pdfhttps://infoproducts.alcatel-lucent.com/aces/cgi-bin/dbaccessfilename.cgi/9305050101_V1_SR-OS Security Best Practices v2.0.pdf

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Alcatel.

References

• 800-53|SC-7

Source

• Tenable.com/audits