Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must not forward IPv6 source-routed packets.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22553 | GEN007920 | SV-37618r1_rule | ECSC-1 | Medium |
| Description |
|---|
| Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when IPv6 forwarding is enabled and the system is functioning as a router. |
| STIG | Date |
|---|---|
| Red Hat Enterprise Linux 5 Security Technical Implementation Guide | 2014-07-07 |
Details
| Check Text ( C-36815r1_chk ) |
|---|
| Determine if the system is configured to forward IPv6 source-routed packets. Procedure: # egrep "net.ipv6.conf.*forwarding" /etc/sysctl.conf If there are no entries found or the value of the entries is not = "0", this is a finding. |
| Fix Text (F-31656r1_fix) |
|---|
| Configure the system to not forward IPv6 source-routed packets. Procedure: Edit the /etc/sysctl.conf file to include: net.ipv6.conf.all.forwarding = 0 net.ipv6.conf.default.forwarding = 0 Reload the kernel parameters: # sysctl -p |