Information
IP source routing is a mechanism that allows the sender to determine the IP route that a datagram should take through the network. It is recommended to configure this setting to Not Defined for enterprise environments and to Highest Protection for high security environments to completely disable source routing.
The recommended state for this setting is: Enabled: Highest protection, source routing is completely disabled
An attacker could use source routed packets to obscure their identity and location. Source routing allows a computer that sends a packet to specify the route that the packet takes.
Solution
To establish the recommended configuration via configuration profiles, set the following Settings Catalog path to Enabled: Highest protection, source routing is completely disabled
Administrative Templates\MSS (Legacy)\MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)
Impact:
All incoming source routed packets will be dropped.