The system must not accept source-routed IPv6 packets.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-22554	GEN007940	SV-46106r1_rule		Medium

Description
Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the handling of source-routed traffic destined to the system itself, not to traffic forwarded by the system to another, such as when IPv6 forwarding is enabled and the system is functioning as a router.

Description

Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the handling of source-routed traffic destined to the system itself, not to traffic forwarded by the system to another, such as when IPv6 forwarding is enabled and the system is functioning as a router.

STIG	Date
SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide	2018-09-19

Details

Check Text ( C-43363r1_chk )
The ability to control the acceptance of source-routed packets is not inherent to IPv6.

Fix Text (F-40351r1_fix)
The ability to control the acceptance of source-routed packets is not inherent to IPv6.