nuclei-templates/file/audit/cisco/disable-ip-source-route.yaml

26 lines
767 B
YAML

id: disable-ip-source-route
info:
name: Disable IP source-route
author: pussycat0x
severity: info
description: |
Organizations should plan and implement network policies to ensure unnecessary services are explicitly disabled. The 'ip source-route' feature has been used in several attacks and should be disabled.
reference:
- https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr/command/ipaddr-cr-book/ipaddr-i4.html#GUID-C7F971DD-358F-4B43-9F3E-244F5D4A3A93
tags: cisco,config-audit,cisco-switch,router
file:
- extensions:
- conf
matchers-condition: and
matchers:
- type: word
words:
- "no ip source-route"
negative: true
- type: word
words:
- "configure terminal"