3.6.13 TCP/IP Tuning - ipsrcrouterecv

Information

The ipsrcrouterecv parameter determines whether the system accepts source routed packets.

The ipsrcrouterecv parameter will be set to 0. This means that the system will not accept source routed packets. By default, when this is enabled, the system is susceptible to source routing attacks.

Solution

In /etc/tunables/nextboot, add the ipsrcrouterecv entry:

no -p -o ipsrcrouterecv=0

This makes the change permanent by adding the entry into /etc/tunables/nextboot.
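
To confirm the persistent entry after the change, this added example (not part of the benchmark text) parses a tunables file and passes only when ipsrcrouterecv is 0 under the no stanza. It assumes the stanza layout shown in the constructed samples; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: audit the persistent ipsrcrouterecv setting.
# Assumption: tunables files use stanzas ("no:") with indented
# lines of the form  name = "value".

# nextboot_value FILE STANZA TUNABLE -> prints the value, or nothing if absent
nextboot_value() {
    awk -v stanza="$2" -v name="$3" '
        /^[^ \t#].*:[ \t]*$/ {           # stanza header such as "no:"
            sub(/:[ \t]*$/, "")
            in_stanza = ($0 == stanza)
            next
        }
        in_stanza && $1 == name && $2 == "=" {
            gsub(/"/, "", $3)
            value = $3                    # last assignment wins
        }
        END { if (value != "") print value }
    ' "$1"
}

# check_ipsrcrouterecv FILE -> returns 0 only when the value is exactly 0
check_ipsrcrouterecv() {
    v=$(nextboot_value "$1" no ipsrcrouterecv)
    if [ "$v" = "0" ]; then
        echo "PASS: ipsrcrouterecv = 0 in $1"
        return 0
    fi
    echo "FAIL: ipsrcrouterecv is '${v:-not set}' in $1"
    return 1
}

# Constructed sample files (not taken from a real host).
SAMPLES=$(mktemp -d)
printf 'info:\n\tDescription = "constructed sample"\n\nno:\n\tipsrcrouterecv = "0"\n' > "$SAMPLES/good"
printf 'no:\n\tipsrcrouterecv = "1"\n' > "$SAMPLES/bad"
# The same tunable name under a different stanza must not satisfy the check.
printf 'other:\n\tipsrcrouterecv = "0"\n\nno:\n\ttcp_sendspace = "262144"\n' > "$SAMPLES/missing"

for f in good bad missing; do
    check_ipsrcrouterecv "$SAMPLES/$f" || :
done
```

On an AIX host, pass /etc/tunables/nextboot as the file and compare the result with the running value shown by no -o ipsrcrouterecv.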

See Also

https://workbench.cisecurity.org/files/528