d5030382-fcd1-4d7c-88e3-f1defebc7cf0
Network: Internet Protocol version 6 (IPv6) source routing must be configured to the highest protection level to prevent IP source routing.
Configuring the system to disable IPv6 source routing protects against spoofing.
To fix this, configure the policy value for
Computer Configuration
|_ Administrative Templates
|_ MSS (Legacy)
|_ "MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)" to "Highest protection, source routing is completely disabled".
This policy setting requires the installation of the MSS-Legacy custom template. "MSS-Legacy.admx" and " MSS-Legacy.adml" must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively. Files are available at EventSentry GitHub Repository at: https://github.com/eventsentry/resources
Stig: Server:
2022: https://www.stigviewer.com/stig/microsoft_windows_server_2022/2023-09-11/finding/V-254335
2019: https://www.stigviewer.com/stig/microsoft_windows_server_2019/2023-09-11/finding/V-205858 / https://www.stigviewer.com/stig/windows_server_2019/2020-06-15/finding/V-93233
2016: https://www.stigviewer.com/stig/microsoft_windows_server_2016/2023-08-22/finding/V-224916 / https://www.stigviewer.com/stig/windows_server_2016/2020-06-16/finding/V-73499
Desktop:
W11: https://www.stigviewer.com/stig/microsoft_windows_11/2023-09-29/finding/V-253353
W10: https://www.stigviewer.com/stig/microsoft_windows_10/2023-09-29/finding/V-220795 / https://www.stigviewer.com/stig/windows_10/2021-08-18/finding/V-220795
Nist 800-53: CM-1, CM-2, CM-6, CM-7, CM-7(1), CM-9, SA-3, SA-8, SA-10
Nist 800-171A: A.03.15.01.b[01]
CSCv7: 5.1
PCI-DDS v4: 1.1.1, 2.1.1, 3.1.1, 4.1.1, 5.1.1, 6.1.1, 7.1.1, 8.1.1, 9.1.1, 10.1.1, 11.1.1, 12.1, 12.1.1, 12.1.2
CMMC v2.1: Level2: CM.L2-3.4.1, CM.L2-3.4.2 Level3: CM.L2-3.4.1, CM.L2-3.4.2, CM.L3-3.4.1e, CM.L3-3.4.2e, SI.L3-3.14.3e