Check: GEN003606
AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE:
GEN003606
(in versions v1 r14 through v1 r10)
Title
The system must prevent local applications from generating source-routed packets. (Cat II impact)
Discussion
Source-routed packets allow the source of the packet to suggest routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures.
Check Content
# /usr/sbin/no -o ipsrcroutesend If the result is not 0, this is a finding.
Fix Text
# /usr/sbin/no -po "ipsrcroutesend=0"
Additional Identifiers
Rule ID: SV-38949r1_rule
Vulnerability ID: V-22413
Group Title: GEN003606
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-001551 |
The organization defines approved authorizations for controlling the flow of information between interconnected systems. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| AC-4 |
Information Flow Enforcement |