Check: GEN003605
Solaris 9 X86 STIG:
GEN003605
(in version v1 r9)
Title
The system must not apply reversed source routing to TCP responses. (Cat II impact)
Discussion
Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures.
Check Content
Verify the system does not apply reversed source routing to TCP responses. # ndd /dev/tcp tcp_rev_src_routes If the result is not 0, this is a finding.
Fix Text
Configure the system to not apply reversed source routing to TCP responses. # ndd -set /dev/tcp tcp_rev_src_routes 0 Also add this command to a system startup script.
Additional Identifiers
Rule ID: SV-26626r1_rule
Vulnerability ID: V-22412
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001551 |
The organization defines approved authorizations for controlling the flow of information between interconnected systems. |
Controls
Number | Title |
---|---|
AC-4 |
Information Flow Enforcement |