This entry from Security Metrics may suggest that because your protocols that are exposed to the internet respond as required, that some risk is engendered.

That response to protocols was enumerated and affected according to RFC design does not present a risk.

It seems odd that this would be considered a 'risk' even a low one. Internet Protocols are supposed to respond. That is there nature. Nothing in this issue indicates a specific risk or threat based on this rational alone.

No action required.

search?q=clearos%2C%20clearos%20content%2C%203rd%20party%2C%20security%20metrics%2C%20non-cve%2C%20maintainer_dloper&btnI=lucky