An error occurred:

Check: GEN003600

VMware ESX 3 Server: GEN003600 (in version v1 r2)

Title

The system must not forward IPv4 source-routed packets. (Cat II impact)

Discussion

Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when IPv4 forwarding is enabled and the system is functioning as a router.

Check Content

If the system is configured to forward source-routed packets, this is a finding.

Fix Text

Configure the system to not forward source-routed packets.

Additional Identifiers

Rule ID: SV-12503r2_rule

Vulnerability ID: V-12002

Group Title: GEN003600

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001551

The organization defines approved authorizations for controlling the flow of information between interconnected systems.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-4

Information Flow Enforcement