Details
ICMP Router Discovery should not be used.
Rationale:
ICMP Router Discovery provides details of routers attached to a broadcast or multicast segment in response to Router Solicitation messages from hosts or in the form of a periodic Router Advertisement.
These messages may provide an attacker attached to the segment with a clearer picture of the network environment and also increase the attack surface of the JUNOS device. As the feature is rarely used, ICMP Router Discovery should only be configured on networks where a specific requirement exists for its use.
Solution
If you have configured ICMP Router Discovery and do not require it, you can disable it by issuing the following command from the [edit protocols router-discovery] hierarchy:
[edit protocols router-discovery]
user@host# set disable
Default Value:
ICMP Router Discovery is disabled by default.
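The following Python check is an added example, not part of the original control text. It reads a configuration exported in set format (for example with `show configuration | display set`) and reports each router-discovery stanza as ENABLED, disabled or inactive. It goes slightly beyond the control by also recognising stanzas under a scope prefix such as logical-systems. The sample lines are constructed, and the function names and the treatment of a deactivated stanza as acceptable are assumptions.

```python
import re

# Set-format lines touching router-discovery, at the top level or under a
# scope prefix such as "logical-systems NAME".
_RD = re.compile(
    r"^(set|deactivate)\s+(?:(.*?)\s+)?protocols\s+router-discovery(?:\s+(.*))?$"
)

# Constructed sample input, not taken from a real device.
SAMPLE = """\
set system host-name edge1
set protocols router-discovery interface ge-0/0/0.0 max-advertisement-interval 600
set logical-systems LS1 protocols router-discovery disable
set logical-systems LS2 protocols router-discovery address 192.0.2.1 advertise
deactivate logical-systems LS2 protocols router-discovery
"""


def audit_router_discovery(set_config):
    """Map each scope that configures router-discovery to its state."""
    seen = {}
    for raw in set_config.splitlines():
        m = _RD.match(raw.strip())
        if not m:
            continue
        verb, scope, rest = m.group(1), m.group(2) or "global", m.group(3) or ""
        flags = seen.setdefault(scope, set())
        if verb == "deactivate" and not rest:
            flags.add("inactive")   # whole stanza deactivated
        elif verb == "set" and rest == "disable":
            flags.add("disable")    # the setting the Solution applies
    result = {}
    for scope, flags in seen.items():
        if "inactive" in flags:
            result[scope] = "inactive"  # assumption: ignored at commit, so acceptable
        elif "disable" in flags:
            result[scope] = "disabled"
        else:
            result[scope] = "ENABLED"
    return result


def is_compliant(set_config):
    """True when no scope has router-discovery enabled (absent = default, disabled)."""
    return "ENABLED" not in audit_router_discovery(set_config).values()


if __name__ == "__main__":
    for scope, state in audit_router_discovery(SAMPLE).items():
        print(f"{scope}: {state}")
```

A configuration with no router-discovery lines at all returns an empty result and passes, matching the default stated above.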
Supportive Information
This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity. This control applies to the following type of system: Juniper.