remote host accepts loose source routed IP packets

[el kalin]

ok..  this is getting a bit ridiculous…

just did a brand new install of the freebsd 9.3 aim on amazon…

with nothing installed on it and only ssh open i get the same result when
scanning with openvas:

"Summary:
 The remote host accepts loose source routed IP packets.
The feature was designed for testing purpose.
An attacker may use it to circumvent poorly designed IP filtering
and exploit another flaw. However, it is not dangerous by itself.
 Solution:
 drop source routed packets on this host or on other ingress
routers or firewalls.'

and by default:
# sysctl -a | grep accept_sourceroute
net.inet.ip.accept_sourceroute: 0

thing is the other machine - the bsd 10 - was scanned with the sameopen vas
setup and with a service called hackerguardian offered by a compony called
comodo. they sell that service as a pci compliance scan. both machines are
non compliant according to both the openvas scan and the hackerguardian
one…

i can't be done with this job if i can't pass the pci scan…

i'd appreciate any help…

thanks...


now what?






On Sun, Oct 5, 2014 at 1:09 PM, el kalin <kalin at el.net> wrote:

> thanks brandon…  but that didn't help….
>
> i still get the same result…
>
> i guess i'd report this as a bug…
>
>
> On Sun, Oct 5, 2014 at 11:58 AM, Brandon Vincent <Brandon.Vincent at asu.edu>
> wrote:
>
>> On Sun, Oct 5, 2014 at 8:33 AM, el kalin <kalin at el.net> wrote:
>> > should is submit this as a bug?
>>
>> Can you first try adding "set block-policy return" to pf.conf? OpenVAS
>> might be assuming that a lack of response from your system to source
>> routed packets is an acknowledgement that it is accepting them.
>>
>> Brandon Vincent
>>
>
>