[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-36535-3

Platform: cpe:/o:microsoft:windows_server_2012::r2Date: (C)2015-10-08   (M)2023-07-04



MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) The registry value entry DisableIPSourceRouting was added to the template file in the HKEY_LOCAL_MACHINESystemCurrentControlSetServicesTcpipParameters registry key. The entry appears as MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) in the SCE. IP source routing is a mechanism that allows the sender to determine the IP route that a datagram should take through the network. Microsoft recommends to configure this setting to Not Defined for enterprise environments and to Highest Protection for high security environments to completely disable source routing.


Parameter:

[highest protection, source routing is completely disabled/medium, source routed packets ignored when IP forwarding is enabled/no additional protection, source routed packets are allowed]


Technical Mechanism:

(1) GPO: Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options!MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) (2) REG: HKEY_LOCAL_MACHINESystemCurrentControlSetServicesTcpipParameters!DisableIPSourceRouting

CCSS Severity:CCSS Metrics:
CCSS Score : 8.1Attack Vector: NETWORK
Exploit Score: 2.2Attack Complexity: HIGH
Impact Score: 5.9Privileges Required: NONE
Severity: HIGHUser Interaction: NONE
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HScope: UNCHANGED
 Confidentiality: HIGH
 Integrity: HIGH
 Availability: HIGH
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:22982


OVAL    1
oval:org.secpod.oval:def:22982
XCCDF    6
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_2012_R2
xccdf_org.secpod_benchmark_PCI_Windows_2012_R2
xccdf_org.secpod_benchmark_ISO27001_Windows_2012_R2
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_Server_2012_R2
...

© SecPod Technologies