Network Security - Ensure Source Routing has not been configured

Information

Routers communicate using routing protocols and exchange information about the networks they know how to reach. Packets are routed through a network based on the destination address contained in the packet. This is reasonable behavior because routers are supposed to know the best way to forward packets to the destination.

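IP source routing options let the sender of a packet, rather than the routers along the way, specify the path the packet takes. The intent of these options was to assist in network troubleshooting, but malicious users can also use source routing to direct packets to specific network segments, gather network topology information, and possibly subvert security restrictions.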

Solution

Configure system no redirects for ICMP.

user@host# edit chassis
user@host# set no-source-route
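
One way to verify the setting offline against a saved configuration, as an added example that is not part of the original check or of Juniper's tooling. The function names and sample configurations are constructed for illustration, and treating `source-route` as the enabling counterpart of `no-source-route` at the chassis level is an assumption.

```python
# Added example: audit a saved Junos configuration for the chassis-level
# source-routing statement. All sample configurations below are constructed.

# Statement -> effect. `no-source-route` is the page's fix; `source-route`
# is assumed here to be its enabling counterpart at [edit chassis].
STATEMENTS = {"no-source-route": "disabled", "source-route": "enabled"}

def source_route_status(config_text):
    """Return 'disabled', 'enabled' or 'unset'.

    Accepts 'display set' style lines or the brace-delimited hierarchy.
    """
    status = "unset"
    path = []  # enclosing hierarchy levels while reading brace format
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "/*")):
            continue  # blank lines and annotations
        words = line.split()
        hit = len(words) >= 3 and words[1] == "chassis" and words[2] in STATEMENTS
        if words[0] == "set":
            if hit:
                status = STATEMENTS[words[2]]
        elif words[0] == "deactivate":
            # A deactivated statement (or a deactivated [edit chassis]) has no effect.
            if hit or words[1:] == ["chassis"]:
                status = "unset"
        elif line.endswith("{"):
            path.append(line[:-1].strip())  # "inactive: chassis" never matches below
        elif line == "}":
            if path:
                path.pop()
        elif line.endswith(";") and path == ["chassis"]:
            status = STATEMENTS.get(line[:-1].strip(), status)
    return status

def is_compliant(config_text):
    # Follows the page's solution: the statement must be present and active.
    return source_route_status(config_text) == "disabled"

SET_OK = "set system host-name r1\nset chassis no-source-route\n"
SET_DEACTIVATED = SET_OK + "deactivate chassis no-source-route\n"
BRACE_OK = "system {\n    host-name r1;\n}\nchassis {\n    no-source-route;\n}\n"
BRACE_INACTIVE = "chassis {\n    inactive: no-source-route;\n}\n"

if __name__ == "__main__":
    for name in ("SET_OK", "SET_DEACTIVATED", "BRACE_OK", "BRACE_INACTIVE"):
        print(name, source_route_status(globals()[name]), is_compliant(globals()[name]))
```

A statement that is present but deactivated or marked `inactive:` is reported as `unset`, so a plain text search for `no-source-route` would pass configurations that this check fails.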

See Also

http://www.juniper.net/us/en/training/jnbooks/day-one/fundamentals-series/hardening-junos-devices-checklist/

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Juniper

Control ID: b2afde3bd1016cf86fb2243e04fe0ea6b878a5957efacbb119d5113198659cac