nuclei-templates/file/audit/cisco/disable-ip-source-route.yaml

id: disable-ip-source-route

info:
  name: Disable IP source-route
  author: pussycat0x
  severity: info
  description: |
      Organizations should plan and implement network policies to ensure unnecessary services are explicitly disabled. The 'ip source-route' feature has been used in several attacks and should be disabled.
  reference:
    - https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr/command/ipaddr-cr-book/ipaddr-i4.html#GUID-C7F971DD-358F-4B43-9F3E-244F5D4A3A93
  tags: cisco,config-audit,cisco-switch,router

file:
  - extensions:
      - conf

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "no ip source-route"
        negative: true

      - type: word
        words:
          - "configure terminal"
Add files via upload 2022-05-28 08:26:55 +00:00			`id: disable-ip-source-route`

			`info:`
			`name: Disable IP source-route`
			`author: pussycat0x`
			`severity: info`
Update disable-ip-source-route.yaml 2022-05-31 06:21:05 +00:00			`description: \|`
			`Organizations should plan and implement network policies to ensure unnecessary services are explicitly disabled. The 'ip source-route' feature has been used in several attacks and should be disabled.`
			`reference:`
			`- https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr/command/ipaddr-cr-book/ipaddr-i4.html#GUID-C7F971DD-358F-4B43-9F3E-244F5D4A3A93`
			`tags: cisco,config-audit,cisco-switch,router`
Add files via upload 2022-05-28 08:26:55 +00:00
			`file:`
			`- extensions:`
			`- conf`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
			`- "no ip source-route"`
Update disable-ip-source-route.yaml 2022-05-28 08:31:12 +00:00			`negative: true`
Added positive matcher to avoid false positive result. (#4517) 2022-05-31 14:43:08 +00:00
			`- type: word`
			`words:`
			`- "configure terminal"`