UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The network device must not accept any outbound IP packets that contain an illegitimate address in the source address field by enabling Unicast Reverse Path Forwarding (uRPF) Strict mode or via egress ACL.


Overview

Finding ID Version Rule ID IA Controls Severity
V-3164 NET0950 SV-3164r2_rule ECSC-1 High
Description
When Unicast Reverse Path Forwarding (uRPF) provides an IP address spoof protection capability. When uRPF is enabled in strict mode, the packet must be received on the interface that the router would use to forward the return packet.
STIG Date
Perimeter Router Security Technical Implementation Guide 2015-07-01

Details

Check Text ( C-3602r3_chk )
Review the device configuration and validate uRPF or an egress ACL has been configured on all internal interfaces.
Fix Text (F-3189r5_fix)
Configure the network device from accepting any outbound IP packet that contains an illegitimate address in the source address field by enabling uRPF Strict mode or via egress ACL.