Free DISA STIG and SRG Library | Vaulted
  1. Security Guide Library
  2. Cisco IOS XE Release 3 RTR Security Technical Implementation Guide
  3. V-74133

V-74133

The Cisco IOSISR XE4000 Series router must have IP source routing disabled.

Finding ID
CISR-RT-000020
Rule ID
SV-88807r2_rule88807r1_rule
Severity
Cat II
CCE
(None)
Group Title
SRG-NET-000195-RTR-000084
CCI
CCI-002403
Target Key
(None)
Documentable
No
Discussion

Source routing is a feature of IP, whereby individual packets can specify routes. This feature is used in several different network attacks by bypassing perimeter and internal defense mechanisms.

Fix Text

Configure the Cisco IOSISR XE4000 Series router to disable IP source routing, using the command below: ISR4000(config)#no ip source-route

Check Content

Review the configuration of the Cisco IOSISR XE4000 Series router to determine if source routing is enabled. If "ip source-routing" is in the configuration then it is enabled, this is a finding.

Vaulted is more than a library.

SIGN UP FOR FREE