AOSX-13-001215 - The macOS system must prevent local applications from generating source-routed packets.

Information

A source-routed packet attempts to specify the network path that the system should take. If the system is not configured to block the sending of source-routed packets, an attacker can redirect the system's network traffic.

Solution

To configure the system to not forward source-routed packets, add the following line to '/etc/sysctl.conf', creating the file if necessary:

net.inet.ip.sourceroute=0

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_OS_X_10-13_V2R5_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-214915r609363_rule, STIG-ID|AOSX-13-001215, STIG-Legacy|SV-96425, STIG-Legacy|V-81711, Vuln-ID|V-214915

Plugin: Unix

Control ID: d23dca5e43353136562805f3f05afbf2673675f50e5b3332e5435328472b556b