Configuration Management / IP Forwarding Enabled
Infrastructure
Description
IP Forwarding Enabled is a security weakness that allows attackers to route packets through the vulnerable host, potentially allowing them to bypass some firewalls, routers or NAC filtering. Unless the host is intended to act as a router, it is recommended to disable IP forwarding.
Risk
Attackers may use hosts with IP forwarding enabled to traverse network boundaries or bypass firewalls, routers or NAC filtering. They may then be able to further explore the network and gain access to sensitive resources.
Solution
- On Linux, you can disable IP forwarding by the following command:
echo 0 > /proc/sys/net/ipv4/ip_forward
- On Windows, set the registry value IPEnableRouter to 0 under the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
- On Mac OS X, you can disable IP forwarding by executing the command:
sysctl -w net.inet.ip.forwarding=0
- For other systems, check with your vendor.
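Added example, not part of the original advisory: a POSIX shell audit helper for the Linux step above. It reads the same /proc/sys knob the echo command writes (plus its IPv6 counterpart, net/ipv6/conf/all/forwarding), reports the state, and emits a sysctl drop-in for persistent remediation, since writing to /proc/sys only lasts until reboot. The drop-in file name is an assumption; the knob paths are the standard kernel ones.

```shell
#!/bin/sh
# Audit helper for the "IP Forwarding Enabled" finding (constructed example).

# ip_forward_state FILE
# Prints "disabled", "enabled" or "unknown" for one sysctl proc file.
# Always returns 0 so it can be used safely inside $(...) under set -e.
ip_forward_state() {
    file="${1:-/proc/sys/net/ipv4/ip_forward}"
    if [ ! -r "$file" ]; then
        echo unknown
        return 0
    fi
    value=$(tr -d '[:space:]' < "$file")
    case "$value" in
        0) echo disabled ;;
        1) echo enabled ;;
        *) echo unknown ;;
    esac
}

# audit_forwarding [PROC_SYS_ROOT]
# Checks the IPv4 and IPv6 forwarding knobs under PROC_SYS_ROOT (default
# /proc/sys; a different root lets the check run against a test fixture).
# Returns the number of knobs found enabled, so 0 means the host is clean.
audit_forwarding() {
    root="${1:-/proc/sys}"
    enabled=0
    for knob in net/ipv4/ip_forward net/ipv6/conf/all/forwarding; do
        state=$(ip_forward_state "$root/$knob")
        printf '%-32s %s\n' "$knob" "$state"
        if [ "$state" = enabled ]; then
            enabled=$((enabled + 1))
        fi
    done
    return "$enabled"
}

# remediation_conf
# Emits a sysctl drop-in that keeps forwarding off across reboots.
# Example use (file name is an assumption):
#   remediation_conf > /etc/sysctl.d/99-disable-ip-forwarding.conf && sysctl --system
remediation_conf() {
    cat <<'EOF'
net.ipv4.ip_forward = 0
net.ipv6.conf.all.forwarding = 0
EOF
}

# Stand-alone run against the live kernel settings of this host.
audit_forwarding || echo "WARNING: IP forwarding is enabled on this host"
```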