[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-45275-5

Platform: win2016Date: (C)2017-08-03   (M)2017-10-16



"MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)" MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) Vulnerability: An attacker could use source routed packets to obscure their identity and location. Source routing allows a computer that sends a packet to specify the route that the packet takes. Counter Measure: Configure the MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) entry to a value of Highest protection, source routing is completely disabled. The possible values for this registry entry are: * 0, 1, or 2. The default configuration is 1 (source routed packets are not forwarded). In the SCE UI, the following list of options appears: * No additional protection, source routed packets are allowed. * Medium, source routed packets ignored when IP forwarding is enabled. * Highest protection, source routing is completely disabled. * Not Defined. Potential Impact: If you configure this value to 2, all incoming source routed packets will be dropped.


Parameter:


Technical Mechanism: Fix: (1) GPO: Computer Configuration\Administrative Templates\MSS (Legacy) (2) REG: No Registry Info

References:

Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:40245


OVAL    1
oval:org.secpod.oval:def:40245
XCCDF    2
xccdf_org.secpod_benchmark_general_Windows_Server_2016
xccdf_org.secpod_benchmark_PCI_3_2_Windows_Server_2016

© 2013 SecPod Technologies