The UNIX and Linux Forums  

#1 (permalink)
05-25-2006
Registered User
Security vulnerability on my Sun Solaris 9 box

We are running security scans on our machines.
I am concerned with my Solaris 9 box running on a 280R. I got the following message.

The remote host accepts loose source routed IP packets.
The feature was designed for testing purpose.
An attacker may use it to circumvent poorly designed IP filtering
and exploit another flaw. However, it is not dangerous by itself
Solution : drop source routed packets on this host or on other ingress
routers or firewalls.

From what I've known in the past, to remediate this issue, I have changed a few things in the nddconfig script.

I have the setting: IP_FORWARD_SRC_ROUTED=0

I believe it was set to 1 by default.
I thought this setting was to not let this system act as a router.

Questions:

Do you think I am doing something wrong in my configuration?
Is there any way to show what the live system has for IP_FORWARD_SRC_ROUTED? I know what the nddscript says, but I want to make sure it is taking effect.

Thanks in advance if anyone can help.
#2 (permalink)
05-25-2006
Perderabo
Unix Daemon
This is a confusing issue. The IP protocol that we have used for many years is version 4 of the IP protocol. Version 6 is starting to be deployed as well. ip_forward_src_routed controls version 4's behavior. It has a counterpart ip6_forward_src_routed to control version 6's behavior. This risk is very trivial but I think they should both be zero anyway. Check them with:

ndd -get /dev/ip ip_forward_src_routed
ndd -get /dev/ip ip6_forward_src_routed

Not acting as a router is different. Let's say that you have an hme0 interface. Then use:

ndd -get /dev/ip ip_forwarding
ndd -get /dev/ip ip6_forwarding
ndd -get /dev/ip hme0:ip_forwarding
ndd -get /dev/ip lo0:ip_forwarding

I'm not sure how the last two interact with the first two. But if a parameter has the string "forward" anywhere in it, zero it out until the need for non-zero is proven. I'm not sure exactly what ip_forward_directed_broadcasts does. But zero it out too. ("directed_broadcasts"... kinda like "jumbo shrimp")
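One way to check every parameter named in the reply above in a single pass and flag any live value that is not 0, as an added example that is not part of the original thread. The NDD_CMD override is an assumption of this example (it lets the logic run on a host without ndd), and hme0 is the reply's example interface.

```shell
#!/bin/sh
# Added example: audit the live forwarding-related ndd parameters named in
# this thread. Written with backticks and expr so it also runs under the
# legacy Bourne shell.

# Command used to read a parameter. On Solaris this is the real ndd; the
# NDD_CMD override is an assumption of this example, not an ndd feature.
NDD_CMD=${NDD_CMD:-ndd}

# Parameters taken from the thread. hme0 is the thread's example interface;
# substitute the interface names of the host being checked.
FORWARD_PARAMS="ip_forward_src_routed ip6_forward_src_routed
ip_forwarding ip6_forwarding hme0:ip_forwarding lo0:ip_forwarding
ip_forward_directed_broadcasts"

# audit_forwarding: print one line per parameter and return the number of
# parameters that are non-zero or could not be read.
audit_forwarding() {
    bad=0
    for p in $FORWARD_PARAMS; do
        if val=`$NDD_CMD -get /dev/ip "$p" 2>/dev/null` && [ -n "$val" ]; then
            case "$val" in
                0) echo "OK    $p = 0" ;;
                *) echo "WARN  $p = $val (expected 0)"
                   bad=`expr $bad + 1` ;;
            esac
        else
            # Unreadable (wrong interface name, no privilege, no IPv6, ...):
            # treat as a finding rather than silently passing.
            echo "ERROR $p could not be read"
            bad=`expr $bad + 1`
        fi
    done
    return $bad
}

# Run the audit only where the command exists.
if type "$NDD_CMD" >/dev/null 2>&1; then
    audit_forwarding || echo "$? parameter(s) need attention"
fi
```

Because ndd reads the running kernel's values, running this after a reboot confirms that the boot-time script actually applied its settings.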