IP-source routing is enabled for the router
| cisco-ipsource-routing-enabled (8408) |  Medium Risk |
Description:
Cisco routers normally accept and process source routes. Unless a network depends on it, source routing should be disabled.
Source routing is a technique whereby the sender of a packet can specify the route that a packet should take through the network. As a packet travels through the network, each router will examine the destination IP address and choose the next hop to forward the packet to. In source routing, the "source" (i.e., the sender) makes some or all of these decisions. Attackers can use source routing to probe the network by forcing packets into specific parts of the network. Using source routing, an attacker can collect information about a network?s topology, or other information that could be useful in performing an attack. During an attack, an attacker could use source routing to direct packets to bypass existing security restrictions.
Consequences:
Bypass Security
Remedy:
Use the 'no ip source-route' command to disable IP source routing on the router. Refer to your router documentation for specific instructions.
References:
- NSA Router Security Configuration Guide: IP Source Routing (page 65).
Platforms Affected:
- Cisco IOS
Reported:
Not available
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this