Disable: 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' for PerformRouterDiscovery MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS) Counter Measure: Configure the MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS) entry to a value of Disabled. The possible values for this registry entry are: ? 0, 1, or 2. The default configuration is 2 (enable only if DHCP sends the Perform Router Discovery option). In the SCE UI, these options appear as: ? 0 (Disabled) ? 1 (Enabled) ? 2 (enable only if DHCP sends the Perform Router Discovery option) ? Not Defined Potential Impact: If you disable this entry, Windows Server 2003 (which supports the IRDP) cannot automatically detect and configure default gateway addresses on the computer. [enable/disable] (1) GPO: Computer Configuration\Administrative Templates\MSS (Legacy)\MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS) (2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery oval:org.secpod.oval:def:35049 SCAP Repo OVAL Definition 2016-06-10