| VID |
13006 |
| Severity |
30 |
| Port |
|
| Protocol |
IP |
| Class |
Protocol |
| Detailed Description |
The host was detected to have IP forwarding enabled. IP forwarding allows a host to act as a router, so other hosts can forward packets through it. If the target host is acting as a firewall, it is essential that IP forwarding be disabled; otherwise an attacker can simply route through the target host to directly access the systems behind it.
* References: http://www.iss.net/security_center/static/193.php |
| Recommendation |
Disable IP forwarding unless this host is acting as a gateway.
To disable IP forwarding in Windows:
1. Use Registry Editor (Regedt32.exe) to view the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
2. Set the following registry value:
   Value Name: IPEnableRouter
   Value Type: REG_DWORD
   Value Data: 0
3. Restart the system.
To disable IP forwarding in Solaris:
# ndd /dev/ip ip_forwarding
1
# ndd -set /dev/ip ip_forwarding 0
# ndd /dev/ip ip_forwarding
0
To disable IP forwarding in AIX:
# no -o ipforwarding
ipforwarding = 1
# no -o ipforwarding=0
# no -o ipforwarding
ipforwarding = 0
To disable IP forwarding in HP-UX:
1. Edit the '/etc/conf/netinet/ip_var.h' file.
2. Go to the line '#define IPFORWARDING 1'.
3. Change '1' to '0'.
4. Recompile the kernel (by running the 'make' command in the /stand/build directory) and reboot the system. |
| Related URL |
CVE-1999-0511 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|