MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) Vulnerability: An attacker could use source routed packets to obscure their identity and location. Source routing allows a computer that sends a packet to specify the route that the packet takes. Counter Measure: Configure the MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) entry to a value of Highest protection, source routing is completely disabled. The possible values for this registry entry are: * 0, 1, or 2. The default configuration is 1 (source routed packets are not forwarded). In the SCE UI, the following list of options appears: * No additional protection, source routed packets are allowed. * Medium, source routed packets ignored when IP forwarding is enabled. * Highest protection, source routing is completely disabled. * Not Defined. Potential Impact: If you configure this value to 2, all incoming source routed packets will be dropped. Fix: (1) GPO: Computer ConfigurationAdministrative TemplatesMSS (Legacy)MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) (2) REG: NO INFO

[highest protection, source routing is completely disabled/medium, source routed packets ignored when IP forwarding is enabled/no additional protection, source routed packets are allowed]

(1) GPO: Computer Configuration\Administrative Templates\MSS (Legacy)\MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) (2) REG: NO INFO