[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

110210

 
 

909

 
 

86021

 
 

136

Paid content will be excluded from the download.


Download | Alert*
OVAL

MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)

ID: oval:org.secpod.oval:def:40245Date: (C)2017-04-25   (M)2018-07-10
Class: COMPLIANCEFamily: windows




MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) Vulnerability: An attacker could use source routed packets to obscure their identity and location. Source routing allows a computer that sends a packet to specify the route that the packet takes. Counter Measure: Configure the MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) entry to a value of Highest protection, source routing is completely disabled. The possible values for this registry entry are: * 0, 1, or 2. The default configuration is 1 (source routed packets are not forwarded). In the SCE UI, the following list of options appears: * No additional protection, source routed packets are allowed. * Medium, source routed packets ignored when IP forwarding is enabled. * Highest protection, source routing is completely disabled. * Not Defined. Potential Impact: If you configure this value to 2, all incoming source routed packets will be dropped. Fix: (1) GPO: Computer Configuration\Administrative Templates\MSS (Legacy)\MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) (2) REG: NO INFO

Platform:
Microsoft Windows Server 2016
Reference:
CCE-45275-5
CPE    1
cpe:/o:microsoft:windows_server_2016:::x64
CCE    1
CCE-45275-5
XCCDF    5
xccdf_org.secpod_benchmark_general_Windows_Server_2016
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_Server_2016
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_Server_2016
xccdf_org.secpod_benchmark_SecPod_Windows_Server_2016
...

© SecPod Technologies