An error occurred:

Check: GEN003605

AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE: GEN003605 (in versions v1 r14 through v1 r10)

Title

The system must not apply reversed source routing to TCP responses. (Cat II impact)

Discussion

Source-routed packets allow the source of the packet to suggest routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures.

Check Content

Determine if the system is configured to apply reverse source routing to TCP responses to source-routed packets. # /usr/sbin/no -o nonlocsrcroute If the value is not 0, this is a finding.

Fix Text

Configure the system to not apply reverse source routing to TCP responses to source-routed packets. # /usr/sbin/no -po nonlocsrcroute=0

Additional Identifiers

Rule ID: SV-38799r2_rule

Vulnerability ID: V-22412

Group Title: GEN003605

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001551

The organization defines approved authorizations for controlling the flow of information between interconnected systems.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-4

Information Flow Enforcement