Network: Internet Protocol version 6 (IPv6) source routing must be configured to the highest protection level to prevent IP source routing

d5030382-fcd1-4d7c-88e3-f1defebc7cf0

Configuring the system to disable IPv6 source routing protects against spoofing.

Remediation

To fix this, configure the policy value for Computer Configuration >> Administrative Templates >> MSS (Legacy) >> "MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)" to "Highest protection, source routing is completely disabled".

This policy setting requires the installation of the MSS-Legacy custom templates. "MSS-Legacy.admx" and " MSS-Legacy.adml" must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively. Files can be found here: https://www.microsoft.com/en-us/download/53430

Stig: Server: https://www.stigviewer.com/stig/windows_server_2019/2020-06-15/finding/V-93233
Desktop: https://www.stigviewer.com/stig/windows_10/2021-08-18/finding/V-220795



stig-medium-desktop
compliance-desktop
compliance-server
desktop
server
stig-low-server