Network: Source routing must be configured to the highest protection level to prevent Internet Protocol (IP) source routing


Configuring the system to disable IP source routing protects against spoofing.


To fix this, configure the policy value for
Computer Configuration
|_ Administrative Templates
|_ MSS (Legacy)
|_ "MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)" to √čnabled"and to "Highest protection, source routing is completely disabled".

This policy setting requires the installation of the MSS-Legacy custom template. "MSS-Legacy.admx" and " MSS-Legacy.adml" must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively. Files are available at EventSentry GitHub Repository at:

Stig: Server:
2019: /
2016: /

Nist 800-53: CM-1, CM-2, CM-6, CM-7, CM-7(1), CM-9, SA-3, SA-8, SA-10
Nist 800-171A: A.03.15.01.b[01]
CSCv7: 5.1
PCI-DDS v4: 1.1.1, 2.1.1, 3.1.1, 4.1.1, 5.1.1, 6.1.1, 7.1.1, 8.1.1, 9.1.1, 10.1.1, 11.1.1, 12.1, 12.1.1, 12.1.2
CMMC v2.1: Level2: CM.L2-3.4.1, CM.L2-3.4.2 Level3: CM.L2-3.4.1, CM.L2-3.4.2, CM.L3-3.4.1e, CM.L3-3.4.2e, SI.L3-3.14.3e