Drop Incoming Source-Routed Packets
A source-routed packet attempts to specify the network path the packet should take. If the system is not configured to block incoming source-routed packets, an attacker can redirect the system's network traffic. Configuring the system to drop incoming source-routed IPv4 packets mitigates this risk.
To check if the system is configured to accept source-routed packets, run the following command:
sysctl net.inet.ip.accept_sourceroute
If the value is not '0', this is a finding.
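The check above as a script, added here as an example and not part of the original definition. The helper name check_sourceroute and the PASS / FINDING / NOT_EVALUATED verdicts are assumptions, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original definition): evaluate the
# source-routing check above from sysctl output.

# check_sourceroute TEXT  (hypothetical helper name)
# TEXT is the output of `sysctl net.inet.ip.accept_sourceroute`.
# Prints PASS when the value is 0, FINDING for any other value, and
# NOT_EVALUATED when the key is absent from TEXT (an assumed third state,
# so a failed query is never mistaken for a compliant system).
check_sourceroute() {
    # Accept both "key: value" and "key = value" output styles.
    value=$(printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*net\.inet\.ip\.accept_sourceroute[[:space:]]*[:=][[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/p' |
        tail -n 1)
    case "$value" in
        0)  echo PASS ;;
        "") echo NOT_EVALUATED ;;
        *)  echo FINDING ;;
    esac
}

# Constructed sample lines, not captured from a real host.
for sample in \
    'net.inet.ip.accept_sourceroute: 0' \
    'net.inet.ip.accept_sourceroute: 1' \
    'net.inet.ip.forwarding: 0'
do
    printf '%-40s -> %s\n' "$sample" "$(check_sourceroute "$sample")"
done

# Live check on the local system; the query may fail where the key
# does not exist, which yields NOT_EVALUATED.
live=$(sysctl net.inet.ip.accept_sourceroute 2>/dev/null || true)
printf 'local system -> %s\n' "$(check_sourceroute "$live")"
```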
oval:org.secpod.oval:def:25095
SCAP Repo OVAL Definition
2015-06-12