Source Routed Packet Weakness

info Nessus Plugin ID 11834

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote host accepts loose source routed IP packets.

Description

The remote host accepts loose source routed IP packets.
The feature was designed for testing purpose.

An attacker may use it to circumvent poorly designed IP filtering and exploit another flaw. However, it is not dangerous by itself.

Solution

Drop source routed packets on this host or on other ingress routers or firewalls.

See Also

http://www.faqs.org/faqs/cisco-networking-faq/section-23.html

Plugin Details

Severity: Info

ID: 11834

File Name: source_routed.nasl

Version: 1.26

Type: remote

Family: Firewalls

Published: 9/9/2003

Updated: 3/6/2019