Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22553 | GEN007920 | SV-63393r1_rule | ECSC-1 | Medium |
Description |
---|
Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when IPv6 forwarding is enabled and the system is functioning as a router. |
STIG | Date |
---|---|
Oracle Linux 5 Security Technical Implementation Guide | 2015-06-05 |
Check Text ( C-52103r1_chk ) |
---|
Determine if the system is configured to forward IPv6 source-routed packets. Procedure: # egrep "net.ipv6.conf.*forwarding" /etc/sysctl.conf If there are no entries found or the value of the entries is not = "0", this is a finding. |
Fix Text (F-53991r1_fix) |
---|
Configure the system to not forward IPv6 source-routed packets. Procedure: Edit the /etc/sysctl.conf file to include: net.ipv6.conf.all.forwarding = 0 net.ipv6.conf.default.forwarding = 0 Reload the kernel parameters: # sysctl -p |