Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22413 | GEN003606 | SV-46276r1_rule | ECSC-1 | Medium |
Description |
---|
Source-routed packets allow the source of the packet to suggest routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. |
STIG | Date |
---|---|
SUSE Linux Enterprise Server v11 for System z | 2015-05-27 |
Check Text ( C-43433r1_chk ) |
---|
Check the reverse source route settings for the system: # sysctl net.ipv4.conf.all.accept_source_route # sysctl net.ipv4.conf.default.accept_source_route If either setting has a value other than zero, this is a finding. |
Fix Text (F-39576r1_fix) |
---|
Add the entries in /etc/sysctl.conf to disable reverse source routing: # printf "sysctl net.ipv4.conf.all.accept_source_route = 0\n" >> /etc/sysctl.conf # printf "sysctl net.ipv4.conf.default.accept_source_route = 0\n" >> /etc/sysctl.conf Activate the updated settings: # /sbin/sysctl -p /etc/sysctl.conf |