The system must disable TCP reverse IP source routing.
Overview
| Finding ID |
Version |
Rule ID |
IA Controls |
Severity |
| V-216140 |
SOL-11.1-050100 |
SV-216140r959010_rule |
|
Low |
| Description |
| If enabled, reverse IP source routing would allow an attacker to more easily complete a three-way TCP handshake and spoof new connections. |
Details
| Check Text (C-17378r372802_chk) |
Determine if TCP reverse IP source routing is disabled.
# ipadm show-prop -p _rev_src_routes -co current tcp
If the output of this command is not "0", this is a finding. |
| Fix Text (F-17376r372803_fix) |
The Network Management profile is required.
Disable reverse source routing.
# pfexec ipadm set-prop -p _rev_src_routes=0 tcp |