Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-214915 | AOSX-13-001215 | SV-214915r507075_rule | Medium |
Description |
---|
A source-routed packet attempts to specify the network path that the system should take. If the system is not configured to block the sending of source-routed packets, an attacker can redirect the system's network traffic. |
STIG | Date |
---|---|
Apple OS X 10.13 Security Technical Implementation Guide | 2020-09-11 |
Check Text ( C-16115r397317_chk ) |
---|
To check if the system is configured to forward source-routed packets, run the following command: sysctl net.inet.ip.sourceroute If the value is not set to "0", this is a finding. |
Fix Text (F-16113r397318_fix) |
---|
To configure the system to not forward source-routed packets, add the following line to "/etc/sysctl.conf", creating the file if necessary: net.inet.ip.sourceroute=0 |