3.2.5 Disable IP Source-Routing

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.


Information

A malicious actor can use source-routing to influence the path that their traffic takes. Disabling this on the NX-OS platform disables this feature for all transit traffic.

Rationale:

Impact:

Source Routing can be used to influence the path taken by attack traffic, potentially routing around devices that implement network protections that might detect or prevent the attack being 'steered' using source routing.

Solution

switch(config)# no ip source-route

Default Value:

By default, source-routing is enabled (which is not the desired setting).
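
One way to check saved configurations for this setting, as an added example that is not part of the benchmark or the audit file. Because the default is enabled, a config passes only when it explicitly contains `no ip source-route`; the device names and config snippets are constructed, and treating only unindented lines as global commands is an assumption of this example.

```python
import re

# Global form of the command, with or without the "no" prefix.
# Assumption: global commands are unindented in a saved config, so indented
# (sub-mode) lines and "!" comment lines never match.
SOURCE_ROUTE_RE = re.compile(r"^(no\s+)?ip\s+source-route\s*$")


def source_routing_disabled(config_text):
    """Return True only when the config explicitly disables source-routing."""
    disabled = False  # the page states source-routing is enabled by default
    for line in config_text.splitlines():
        match = SOURCE_ROUTE_RE.match(line.rstrip())
        if match:
            # If both forms appear (e.g. concatenated snippets), the later one wins.
            disabled = match.group(1) is not None
    return disabled


def audit(configs):
    """Map each device name to PASS or FAIL for this control."""
    return {
        name: "PASS" if source_routing_disabled(text) else "FAIL"
        for name, text in configs.items()
    }


# Constructed sample configs (hypothetical device names, not real output).
SAMPLE_CONFIGS = {
    "nxos-hardened": "hostname nxos-hardened\nno ip source-route\nfeature ssh\n",
    "nxos-default": "hostname nxos-default\nfeature ssh\n",
    "nxos-commented": "hostname nxos-commented\n! no ip source-route\n",
    "nxos-reenabled": "no ip source-route\nip source-route\n",
}

if __name__ == "__main__":
    for device, result in audit(SAMPLE_CONFIGS).items():
        print(f"{device}: {result}")
```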

See Also

https://workbench.cisecurity.org/benchmarks/6524