3.1.1 Set 'no ip source-route'

Information

Disable the handling of IP datagrams with source routing header options.

Rationale:

Source routing is a feature of IP whereby individual packets can specify routes. This feature is used in several kinds of attacks. Cisco routers normally accept and process source routes. Unless a network depends on source routing, it should be disabled.

Impact:

Organizations should plan and implement network policies to ensure unnecessary services are explicitly disabled. The 'ip source-route' feature has been used in several attacks and should be disabled.

Solution

Disable source routing.

hostname(config)#no ip source-route

Default Value:

Enabled by default
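
An offline check for this setting over saved running-config text, as an added example that is not part of the benchmark or the plugin. It relies on the default stated above, so a configuration with no matching line is reported as enabled; the function name, state strings and sample configurations are constructed for illustration.

```python
import re

# Global-level command only: no leading whitespace, optional "no" prefix.
_CMD = re.compile(r"^(no\s+)?ip\s+source-route\s*$")
_HOST = re.compile(r"^hostname\s+(\S+)")
DEFAULT_STATE = "enabled (default, no line present)"

def audit_source_route(config_text):
    """Return (hostname, state, compliant) for one saved running-config."""
    hostname, state = "unknown", DEFAULT_STATE
    for raw in config_text.splitlines():
        line = raw.rstrip()
        # Skip blanks, "!" comments and indented sub-mode lines, so a comment
        # or interface description that mentions the command is not counted.
        if not line or line.startswith("!") or line[0].isspace():
            continue
        host = _HOST.match(line)
        if host:
            hostname = host.group(1)
            continue
        cmd = _CMD.match(line)
        if cmd:
            state = "disabled" if cmd.group(1) else "enabled (explicit)"
    return hostname, state, state == "disabled"

# Constructed sample configurations, not taken from any real device.
SAMPLES = {
    "hardened": """hostname edge-rtr-01
!
no ip source-route
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
""",
    "lookalike": """hostname branch-rtr-02
! no ip source-route  (planned)
interface GigabitEthernet0/1
 description no ip source-route
""",
    # Assumption: a listing that prints the positive form of the command.
    "explicit": "hostname lab-rtr-03\nip source-route\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        host, state, ok = audit_source_route(text)
        print(f"{'PASS' if ok else 'FAIL'}  {host:<14} source routing {state}")
```

The "lookalike" sample fails even though the command text appears twice in it, which is the case a plain substring search over the file would get wrong.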

See Also

https://workbench.cisecurity.org/files/3829

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-6, 800-53|CM-7, 800-53|SC-23, CSCv7|9.2

Plugin: Cisco

Control ID: 0c90ac0385c237727a05ed5c5a523b57cecfc7e6f43b89c42fcdf937e35d7f7e