UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must not apply reversed source routing to TCP responses.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22412 GEN003605 SV-38799r1_rule ECSC-1 Medium
Description
Source-routed packets allow the source of the packet to suggest routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures.
STIG Date
AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE 2015-06-16

Details

Check Text ( C-37255r2_chk )
Determine if the system is configured to apply reverse source routing to TCP responses to source-routed packets.
# /usr/sbin/no -p nonlocsrcroute
If the value is not 0, this is a finding.
Fix Text (F-32495r2_fix)
Configure the system to not apply reverse source routing to TCP responses to source-routed packets.
# /usr/sbin/no -po nonlocsrcroute=0