GEN003605 - The system must not apply reversed source routing to TCP responses.

Information

Source-routed packets allow the source of the packet to suggest routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures.

Solution

Configure the system to not apply reverse source routing to TCP responses to source-routed packets.
# /usr/sbin/no -po nonlocsrcroute=0

See Also

http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-4, CAT|II, CCI|CCI-001551, Rule-ID|SV-38799r1_rule, STIG-ID|GEN003605, Vuln-ID|V-22412

Plugin: Unix

Control ID: b686e4b56231fc02f891d3b7bf8bbdbf29fb728da4aea39c36af92a0f7a9db5e