STIGQter: STIG Summary: Juniper Router RTR Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 12 Feb 2021:

The Juniper router must be configured to have Gratuitous ARP disabled on all external interfaces.

DISA Rule

SV-217021r639663_rule

Vulnerability Number

V-217021

Group Title

SRG-NET-000362-RTR-000111

Rule Version

JUNI-RT-000150

Severity

CAT II

CCI(s)

• CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

10

Fix Recommendation

Disable gratuitous ARP on all external interfaces using the following command.

[edit interfaces ge-1/1/0 ]
delete gratuitous-arp-reply

Check Contents

Review the configuration to determine if gratuitous ARP is disabled on all external interfaces. The following command should not be set to any interface: gratuitous-arp-reply

If gratuitous ARP is enabled on any external interface, this is a finding.

Vulnerability Number

V-217021

Documentable

False

Rule Version

JUNI-RT-000150

Severity Override Guidance

Review the configuration to determine if gratuitous ARP is disabled on all external interfaces. The following command should not be set to any interface: gratuitous-arp-reply

If gratuitous ARP is enabled on any external interface, this is a finding.

Check Content Reference

M

Target Key

4032

Comments