The system must disable TCP reverse IP source routing.

An XCCDF Rule

Description

If enabled, reverse IP source routing would allow an attacker to more easily complete a three-way TCP handshake and spoof new connections.

ID
SV-216140r959010_rule
Version
SOL-11.1-050100
Severity
Low

Remediation Templates

A Manual Procedure

The Network Management profile is required.

Disable reverse source routing.

# pfexec ipadm set-prop -p _rev_src_routes=0 tcp
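To confirm the setting took effect and will survive a reboot, the following audit helper is an added example, not part of the STIG text. The function name `eval_rev_src_routes` is hypothetical, and the input format is an assumption: the colon-separated output of `ipadm show-prop -c -o current,persistent,default`, with an unset persistent value shown as empty or `--`.

```shell
#!/bin/sh
# Added example: audit helper for the _rev_src_routes TCP property.
# Assumed input: one CURRENT:PERSISTENT:DEFAULT line as printed by
#   ipadm show-prop -p _rev_src_routes -c -o current,persistent,default tcp
# An unset persistent value is assumed to appear as "" or "--".

# Prints "pass" or "fail: <reason>"; returns 0 on pass, 1 on fail.
eval_rev_src_routes() {
    line=$1
    current=${line%%:*}
    rest=${line#*:}
    persistent=${rest%%:*}
    default=${rest#*:}

    if [ "$current" != "0" ]; then
        echo "fail: current value is '$current', expected 0"
        return 1
    fi
    case $persistent in
        0) ;;                      # persistently disabled
        ""|--)                     # nothing stored: the default applies at boot
            if [ "$default" != "0" ]; then
                echo "fail: no persistent value and default is '$default'"
                return 1
            fi ;;
        *)                         # running value is 0 but the stored one is not
            echo "fail: persistent value is '$persistent', applied again at reboot"
            return 1 ;;
    esac
    echo "pass"
}

# Live audit, only on hosts where ipadm exists (Solaris 11).
if command -v ipadm >/dev/null 2>&1; then
    eval_rev_src_routes "$(ipadm show-prop -p _rev_src_routes -c -o current,persistent,default tcp)" || true
fi

# Constructed sample lines (not captured from a real host).
for sample in "0:0:0" "0:--:0" "1:0:0" "0:1:0"; do
    printf '%s -> %s\n' "$sample" "$(eval_rev_src_routes "$sample")"
done
```

A `fail` on the persistent field means the property was changed only for the running system and the manual procedure above should be rerun.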