Configuration Management / IP Forwarding Enabled

Infrastructure

Description

IP Forwarding Enabled is a security weakness that allows attackers to route packets through the vulnerable host, potentially bypassing some firewalls, routers or NAC filtering. Unless the host is a router, it is recommended to disable IP forwarding.

Risk

Attackers may use hosts with IP forwarding enabled to traverse network boundaries or bypass firewalls, routers or NAC filtering. They may then be able to further explore the network and gain access to sensitive resources.

Solution

  • On Linux, you can disable IP forwarding with the following command:
    echo 0 > /proc/sys/net/ipv4/ip_forward
  • On Windows, set the key IPEnableRouter to 0 under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
  • On Mac OS X, you can disable IP forwarding by executing the command:
    sysctl -w net.inet.ip.forwarding=0
  • For other systems, check with your vendor.
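
The Linux command above changes only the running kernel, and a write to /proc does not survive a reboot. The following added example (not part of the original page) audits both the runtime value and any net.ipv4.ip_forward setting in sysctl configuration files; the function names, the sample file names and the "last file wins" ordering are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit IPv4 forwarding on Linux (runtime value + boot-time config).
# Usage on a live host:
#   audit_ip_forward /proc/sys/net/ipv4/ip_forward /etc/sysctl.d/*.conf /etc/sysctl.conf

# Print the runtime value (0 or 1) from a /proc-style file.
runtime_forwarding() {
    tr -d '[:space:]' < "$1"
}

# Print the last net.ipv4.ip_forward value set in the given sysctl files, or "unset".
# Assumption: files are passed in the order they are applied, so the last match wins.
persistent_forwarding() {
    value=unset
    for f in "$@"; do
        if [ -f "$f" ]; then
            v=$(sed -n 's/^[[:space:]]*net[./]ipv4[./]ip_forward[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$f" | tail -n 1)
            if [ -n "$v" ]; then value=$v; fi
        fi
    done
    echo "$value"
}

# Return 0 only if forwarding is off now and no config file turns it on at boot.
audit_ip_forward() {
    proc=$1; shift
    rt=$(runtime_forwarding "$proc" 2>/dev/null) || rt=unknown
    ps=$(persistent_forwarding "$@")
    rc=0
    if [ "$rt" != 0 ]; then echo "FAIL runtime: ip_forward=$rt"; rc=1; fi
    if [ "$ps" != 0 ] && [ "$ps" != unset ]; then
        echo "FAIL persistent: config sets ip_forward=$ps"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: runtime=$rt persistent=$ps"; fi
    return "$rc"
}

# Constructed sample: a host where forwarding was enabled and made persistent.
demo() {
    d=$(mktemp -d)
    echo 1 > "$d/ip_forward"
    printf '# constructed sample\nnet.ipv4.ip_forward = 1\n' > "$d/99-router.conf"
    rc_demo=0
    audit_ip_forward "$d/ip_forward" "$d/99-router.conf" || rc_demo=$?
    rm -rf "$d"
    return "$rc_demo"
}
demo || true
```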
