Network: Source routing must be configured to the highest protection level to prevent Internet Protocol (IP) source routing

655d213f-bed4-43aa-9bbf-f4bf77a2defd

Configuring the system to disable IP source routing protects against spoofing.

Remediation

To fix this, configure the policy value for
Computer Configuration
|_ Administrative Templates
|_ MSS (Legacy)
|_ "MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)" to √čnabled"and to "Highest protection, source routing is completely disabled".

This policy setting requires the installation of the MSS-Legacy custom template. "MSS-Legacy.admx" and " MSS-Legacy.adml" must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively. Files are available at EventSentry GitHub Repository at: https://github.com/eventsentry/resources

Stig: Server:
2022: https://www.stigviewer.com/stig/microsoft_windows_server_2022/2023-09-11/finding/V-254336
2019: https://www.stigviewer.com/stig/microsoft_windows_server_2019/2023-09-11/finding/V-205859 / https://www.stigviewer.com/stig/windows_server_2019/2020-06-15/finding/V-93235
2016: https://www.stigviewer.com/stig/microsoft_windows_server_2016/2023-08-22/finding/V-224917 / https://www.stigviewer.com/stig/windows_server_2016/2020-06-16/finding/V-73501

Nist 800-53: CM-1, CM-2, CM-6, CM-7, CM-7(1), CM-9, SA-3, SA-8, SA-10
Nist 800-171A: A.03.15.01.b[01]
CSCv7: 5.1
PCI-DDS v4: 1.1.1, 2.1.1, 3.1.1, 4.1.1, 5.1.1, 6.1.1, 7.1.1, 8.1.1, 9.1.1, 10.1.1, 11.1.1, 12.1, 12.1.1, 12.1.2
CMMC v2.1: Level2: CM.L2-3.4.1, CM.L2-3.4.2 Level3: CM.L2-3.4.1, CM.L2-3.4.2, CM.L3-3.4.1e, CM.L3-3.4.2e, SI.L3-3.14.3e