Configuration Management / IP Forwarding Enabled

Infrastructure

Description

IP Forwarding Enabled is a security weakness that allows attackers to route packets through the vulnerable host, potentially allowing to bypass some firewalls, routers or NAC filtering. Unless the host is a router, it is recommended to disable IP forwarding.

Risk

Attackers may use hosts with enabled IP Forwarding to traverse network boundaries or bypass firewalls, routers or NAC filtering. They may than be able to further explore the network and gain access to sensitive resources.

Solution

On Linux, you can disable IP forwarding by the following command:
echo 0 > /proc/sys/net/ipv4/ip_forward
On Windows, set the key IPEnableRouter to 0 under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
On Mac OS X, you can disable IP forwarding by executing the command:
sysctl -w net.inet.ip.forwarding=0
For other systems, check with your vendor.

Curious? Convinced? Interested?

Arrange a no-obligation consultation with one of our product experts today.