We are running security scans on our machines.
I am concerned with my Solaris 9 box running on a 280R. I got the following message:
The remote host accepts loose source routed IP packets.
The feature was designed for testing purpose.
An attacker may use it to circumvent poorly designed IP filtering
and exploit another flaw. However, it is not dangerous by itself
Solution : drop source routed packets on this host or on other ingress
routers or firewalls.
From what I've known in the past, to remediate this issue, I have changed a few things in the nddconfig script.
I have the setting: IP_FORWARD_SRC_ROUTED=0
I believe it was set to 1 by default.
I thought this setting was to not let this system act as a router.
Questions:
Do you think I am doing something wrong in my configuration?
Is there any way to show what the live system has for IP_FORWARD_SRC_ROUTED? I know what the nddscript says, but I want to make sure it is taking effect.
Thanks in advance if anyone can help.
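
One way to compare the settings in the script with what the running kernel reports, as an added example that is not part of the original post. It assumes the nddconfig script holds upper-case NAME=number lines named after the ndd parameters, with the prefix (ip_, tcp_, ...) selecting the /dev driver; the function names and the file argument are hypothetical. On Solaris 9 run it under ksh or /usr/xpg4/bin/sh, since the legacy /bin/sh lacks the `$( )` and `${var%%...}` syntax used here.

```shell
# Added example: report drift between an nddconfig-style file and live ndd values.
# Assumption: variables are upper-case ndd parameter names, e.g.
# IP_FORWARD_SRC_ROUTED=0 corresponds to /dev/ip ip_forward_src_routed.
NDD=${NDD:-ndd}   # command used to query the kernel; overridable for testing

# Print the live value of one parameter, e.g.: ndd_live ip_forward_src_routed
ndd_live() {
    # The driver is taken from the parameter prefix: ip_... -> /dev/ip
    $NDD -get "/dev/${1%%_*}" "$1" 2>/dev/null </dev/null
}

# Compare every NAME=number line in FILE ($1) with the running kernel.
# Prints OK / DRIFT / UNKNOWN per setting; returns 1 if anything is not OK.
# Usage: ndd_drift /path/to/nddconfig
ndd_drift() {
    rc=0
    while IFS='=' read -r name want; do
        case $name in
            IP_*|TCP_*|UDP_*|ARP_*) ;;   # only lines that look like ndd settings
            *) continue ;;
        esac
        want=${want%%[!0-9]*}            # drop trailing comments or whitespace
        [ -n "$want" ] || continue
        param=$(printf '%s\n' "$name" | tr '[A-Z]' '[a-z]')
        if live=$(ndd_live "$param") && [ -n "$live" ]; then
            if [ "$live" = "$want" ]; then
                echo "OK $param file=$want live=$live"
            else
                echo "DRIFT $param file=$want live=$live"; rc=1
            fi
        else
            # ndd failed or printed nothing: parameter not known to this kernel
            echo "UNKNOWN $param file=$want"; rc=1
        fi
    done < "$1"
    return $rc
}
```

A DRIFT line means the script's value has not been applied to the running system, for example because the script has not run since it was edited.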