The system must disable TCP reverse IP source routing.

An XCCDF Rule

Description

If enabled, reverse IP source routing would allow an attacker to more easily complete a three-way TCP handshake and spoof new connections.

ID: SV-216140r959010_rule
Version: SOL-11.1-050100
Severity: Low
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

The Network Management profile is required.

Disable reverse source routing.

# pfexec ipadm set-prop -p _rev_src_routes=0 tcp