A policy must be implemented to keep Bogon/Martian rulesets up to date.

From Network Infrastructure Policy Security Technical Implementation Guide

Part of NET0928 - Bogon/Martian policy established

Associated with: CCI-000366

SV-44284r2_rule A policy must be implemented to keep Bogon/Martian rulesets up to date.

Vulnerability discussion

A Bogon route or Martian address is a type of packet that should never be routed inbound through the perimeter device. Bogon routes and Martian addresses are commonly found as the source addresses of DDoS attacks. By not having a policy implemented to keep these addresses up to date, the enclave will run the risk of allowing illegitimate traffic into the enclave or even blocking legitimate traffic. Also, if there are rulesets with "any" as the source address, then Bogon/Martian rulesets must be applied.

Bogon and Martian addresses can be kept up to date by routinely checking the IANA website or by creating an account with Team Cymru to retrieve these lists in one of many ways.

http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml
http://www.team-cymru.org/Services/Bogons/
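The two risks named above (letting illegitimate traffic in, and blocking legitimate traffic) can be checked mechanically by comparing the deployed ruleset with a current reference list. The following is an added example, not part of the STIG; it assumes IPv4 only, one CIDR prefix per line, and uses constructed sample lists rather than a real bogon feed.

```python
import ipaddress

# Constructed sample data (not a real bogon feed). One IPv4 CIDR per line.
REFERENCE = """
10.0.0.0/8
127.0.0.0/8
172.16.0.0/12
192.168.0.0/16
"""
DEPLOYED = """
5.0.0.0/8        # constructed: an entry the reference no longer lists
10.0.0.0/8
172.16.0.0/16    # constructed: covers only part of 172.16.0.0/12
192.168.0.0/16
"""

def parse_prefixes(text):
    """Parse CIDR lines, skipping blanks and '#' comments; host bits set is an error."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.IPv4Network(line, strict=True))
    return list(ipaddress.collapse_addresses(nets))

def subtract(nets, remove):
    """Return the address space in `nets` that no prefix in `remove` covers."""
    result = []
    for net in nets:
        pieces = [net]
        for r in remove:
            kept = []
            for p in pieces:
                if p.subnet_of(r):
                    continue                           # fully covered
                if r.subnet_of(p):
                    kept.extend(p.address_exclude(r))  # split around r
                else:
                    kept.append(p)                     # disjoint
            pieces = kept
        result.extend(pieces)
    return [str(n) for n in ipaddress.collapse_addresses(result)]

def audit(deployed_text, reference_text):
    deployed, reference = parse_prefixes(deployed_text), parse_prefixes(reference_text)
    return {
        "missing": subtract(reference, deployed),  # bogon space the ruleset lets through
        "stale": subtract(deployed, reference),    # space blocked that is no longer bogon
    }

if __name__ == "__main__":
    for finding, prefixes in audit(DEPLOYED, REFERENCE).items():
        print(finding, prefixes)
```

Either list being non-empty means the ruleset has drifted from the reference and needs review under the maintenance policy.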

Check content

Review the Bogon/Martian maintenance policy to validate that plans and procedures are in place to protect the enclave from illegitimate network traffic with up-to-date Bogon/Martian rulesets. If the site does not have a policy to keep Bogon/Martian rulesets up to date, this is a finding.

Fix text

Implement a Bogon/Martian maintenance policy to protect the enclave from illegitimate network traffic.
