
The macOS system must prevent local applications from generating source-routed packets.


Overview

Finding ID: V-214915
Version: AOSX-13-001215
Rule ID: SV-214915r507075_rule
IA Controls: (none listed)
Severity: Medium
Description
A source-routed packet attempts to specify the network path that the system should take. If the system is not configured to block the sending of source-routed packets, an attacker can redirect the system's network traffic.
STIG: Apple OS X 10.13 Security Technical Implementation Guide
Date: 2020-09-11

Details

Check Text ( C-16115r397317_chk )
To check if the system is configured to forward source-routed packets, run the following command:

sysctl net.inet.ip.sourceroute

If the value is not set to "0", this is a finding.
Fix Text (F-16113r397318_fix)
To configure the system to not forward source-routed packets, add the following line to "/etc/sysctl.conf", creating the file if necessary:

net.inet.ip.sourceroute=0
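
The check and fix above can be audited together with a small script. This is an added example, not part of the STIG text; the function names (last_value, audit, demo) and the sample inputs are constructed for illustration. It goes one step beyond the check text by also confirming that the setting is persisted in the configuration file, assuming later lines in that file override earlier ones.

```shell
#!/bin/sh
# Added example (not STIG content): audit net.inet.ip.sourceroute at runtime
# and in a sysctl.conf-style file. Function names are hypothetical.
KEY="net.inet.ip.sourceroute"

# last_value: read "key=value" or "key: value" lines on stdin, ignore
# comments and whitespace, print the value of the LAST assignment to KEY.
# Assumption: lines are applied in order, so the last assignment wins.
last_value() {
    awk -v key="$KEY" '
        { sub(/#.*/, ""); sub(/[:=]/, " ")
          if (NF >= 2 && $1 == key) last = $2 }
        END { if (last != "") print last }'
}

# audit SYSCTL_OUTPUT CONF_FILE
#   returns 0: runtime value is 0 and the file persists 0
#   returns 1: runtime value is not 0 (the finding in the check text)
#   returns 2: runtime value is 0 but the file does not persist it
audit() {
    rt=$(printf '%s\n' "$1" | last_value)
    ps=""
    if [ -r "$2" ]; then ps=$(last_value < "$2"); fi
    if [ "$rt" != "0" ]; then
        echo "FINDING: runtime $KEY is '${rt:-unset}', expected 0"
        return 1
    fi
    if [ "$ps" != "0" ]; then
        echo "NOT PERSISTENT: $KEY in $2 is '${ps:-absent}', expected 0"
        return 2
    fi
    echo "OK"
}

# Constructed sample: the fix line is present, but a later line with odd
# spacing and a trailing comment re-enables source routing at next boot.
demo() {
    tmp=$(mktemp)
    printf '%s\n' '# hardening' "$KEY=0" " $KEY = 1 # override" > "$tmp"
    rc=0
    audit "$KEY: 0" "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# On a managed Mac, call instead:
#   audit "$(sysctl net.inet.ip.sourceroute)" /etc/sysctl.conf
demo || true
```
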