MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)
ID: oval:gov.nist.usgcb.windowsseven:def:134 | Created: 2012-04-13 | Modified: 2023-07-04
Class: COMPLIANCE | Family: windows
This setting is used to enable or disable the Internet Router Discovery Protocol (IRDP). IRDP allows the computer to detect and configure default gateway addresses automatically (as described in RFC 1256) on a per-interface basis. The setting is stored in the registry at HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery.
Vulnerability:
An attacker who has gained control of a computer on the same network segment as a router could configure a computer on the network to impersonate the router. Other computers with IRDP enabled would then attempt to route their traffic through the already compromised computer.
Countermeasure:
Configure the PerformRouterDiscovery entry to a value of 0 (Disabled).
Potential impact:
If you disable this entry, the computer cannot automatically detect and configure default gateway addresses via IRDP; gateways must then be supplied by DHCP or static configuration.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)
(2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters!PerformRouterDiscovery
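The following PowerShell script is an added example, not part of the OVAL definition or the USGCB content. It audits the registry value named in fix (2) against the expected value of 0 and, when run with its own (hypothetical) -Remediate switch in an elevated session, writes the value as a REG_DWORD. On a domain-joined host the GPO path in fix (1) is the right place to set this, so the value is not reverted at the next policy refresh; the local write below is for standalone hosts or for verifying a finding.

```powershell
# Added example: audit/remediate the USGCB PerformRouterDiscovery setting.
# Assumptions: elevated PowerShell session; -Remediate is this script's own parameter.
param([switch]$Remediate)

$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$ValueName = 'PerformRouterDiscovery'
$Expected  = 0   # 0 = IRDP disabled, the value the definition expects

function Test-PerformRouterDiscovery {
    # Returns an object describing whether the value exists and whether it matches $Expected.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # No explicit value: the definition looks for an explicit 0, so report non-compliant.
        return [pscustomobject]@{ Present = $false; Value = $null; Compliant = $false }
    }
    $current = [int]$item.$ValueName
    return [pscustomobject]@{ Present = $true; Value = $current; Compliant = ($current -eq $Expected) }
}

$state = Test-PerformRouterDiscovery
Write-Output ("{0}\{1}: present={2} value={3} compliant={4}" -f $KeyPath, $ValueName,
    $state.Present, $state.Value, $state.Compliant)

if (-not $state.Compliant -and $Remediate) {
    # Create or overwrite the value as REG_DWORD 0, matching what the GPO setting writes.
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value $Expected -Force | Out-Null
    $after = Test-PerformRouterDiscovery
    Write-Output ("Remediated: value now {0}, compliant={1}" -f $after.Value, $after.Compliant)
}
```

Run without arguments to produce an audit line suitable for a compliance log; add -Remediate to apply the countermeasure. The script checks only the global Tcpip\Parameters value named in the definition; interface-specific overrides under the Interfaces subkeys are outside its scope.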
Platform: Microsoft Windows 7