UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must prevent local applications from generating source-routed packets.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22413 GEN003606 SV-46276r1_rule ECSC-1 Medium
Description
Source-routed packets allow the source of the packet to suggest routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures.
STIG Date
SUSE Linux Enterprise Server v11 for System z 2015-05-27

Details

Check Text ( C-43433r1_chk )
Check the reverse source route settings for the system:
# sysctl net.ipv4.conf.all.accept_source_route
# sysctl net.ipv4.conf.default.accept_source_route

If either setting has a value other than zero, this is a finding.
Fix Text (F-39576r1_fix)
Add the entries in /etc/sysctl.conf to disable reverse source routing:
# printf "sysctl net.ipv4.conf.all.accept_source_route = 0\n" >> /etc/sysctl.conf
# printf "sysctl net.ipv4.conf.default.accept_source_route = 0\n" >> /etc/sysctl.conf

Activate the updated settings:
# /sbin/sysctl -p /etc/sysctl.conf