Unrestricted inbound ICMP access

ec2

Classification:

compliance

Set up the ec2 integration.

Overview

Description

Reduce the probability of a breach by checking EC2 security groups for inbound rules that allow unfettered access to hosts over the Internet Control Message Protocol (ICMP), a protocol commonly used to troubleshoot TCP/IP networks and report IP delivery errors, and restrict such access to only the source IP addresses that require this protocol.

Rationale

Malicious activity, such as denial-of-service (DoS) attacks and Smurf/Fraggle amplification attacks, can occur when unfettered access to this protocol is permitted.

Remediation

  1. Run describe-security-groups with a filter to expose security groups that allow inbound access to hosts over ICMP.

    describe-security-group.sh

        # The CIDR below is a documentation placeholder (RFC 5737 range);
        # substitute 0.0.0.0/0 to match rules open to any IPv4 source.
        aws ec2 describe-security-groups \
            --filters Name=ip-permission.protocol,Values=icmp Name=ip-permission.cidr,Values='192.0.2.0/24' \
            --query 'SecurityGroups[*].{Name:GroupName}'
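The CLI filter above only matches one exact CIDR. The following added example (not part of this rule's documentation) walks the JSON that `aws ec2 describe-security-groups` returns and flags every inbound rule that exposes ICMP to any source, including `icmpv6` rules and "all traffic" (`-1`) rules, which the CLI filter misses; the response data is constructed for the example.

```python
import ipaddress
import json

# Protocols that carry ICMP: "icmp", "icmpv6", and "-1" (all traffic).
ICMP_PROTOCOLS = {"icmp", "icmpv6", "-1"}


def is_unrestricted(cidr: str) -> bool:
    """True when the CIDR matches every source address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def find_open_icmp_groups(security_groups):
    """Return (GroupId, GroupName, protocol, cidr) for each inbound ICMP rule open to the world."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto not in ICMP_PROTOCOLS:
                continue
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in sources:
                if is_unrestricted(cidr):
                    findings.append((sg["GroupId"], sg["GroupName"], proto, cidr))
    return findings


# Constructed sample in the shape of `aws ec2 describe-security-groups` output (not real data).
SAMPLE_RESPONSE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0123456789abcdef0", "GroupName": "web-open",
   "IpPermissions": [
     {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0fedcba9876543210", "GroupName": "mgmt-restricted",
   "IpPermissions": [
     {"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1,
      "IpRanges": [{"CidrIp": "192.0.2.0/24"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-00000000000000001", "GroupName": "allow-all",
   "IpPermissions": [
     {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")

if __name__ == "__main__":
    for group_id, name, proto, cidr in find_open_icmp_groups(SAMPLE_RESPONSE["SecurityGroups"]):
        print(f"{group_id} ({name}): inbound {proto} open to {cidr}")
```

Feed it the real output of `aws ec2 describe-security-groups --output json` to audit an account; a group restricted to a specific source range, like `mgmt-restricted` above, is not reported.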