Navigate

Check: GEN007920

AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE: GEN007920 (in versions v1 r14 through v1 r10)

Title

The system must not forward IPv6 source-routed packets. (Cat II impact)

Discussion

Source-routed packets allow the source of the packet to suggest routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when IPv6 forwarding is enabled and the system is functioning as a router.

Check Content

# /usr/sbin/no -o ip6srcrouteforward If the value returned is not 0, this is a finding.

Fix Text

Configure the system so it does not forward IPv6 source-routed packets. # /usr/sbin/no -p -o ip6srcrouteforward=0

Additional Identifiers

Rule ID: SV-38827r1_rule

Vulnerability ID: V-22553

Group Title: GEN007920

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-001551	The organization defines approved authorizations for controlling the flow of information between interconnected systems.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
AC-4	Information Flow Enforcement