Check: GEN003605
VMware ESX 3 Server:
GEN003605
(in version v1 r2)
Title
The system must not apply reversed source routing to TCP responses. (Cat II impact)
Discussion
Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures.
Check Content
Determine if the system is configured to apply reverse source routing to TCP responses to source-routed packets. If so, this is a finding.
Fix Text
Configure the system to not apply reverse source routing to TCP responses to source-routed packets.
Additional Identifiers
Rule ID: SV-26075r1_rule
Vulnerability ID: V-22412
Group Title: GEN003605
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-001551 |
The organization defines approved authorizations for controlling the flow of information between interconnected systems. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| AC-4 |
Information Flow Enforcement |