Disable Internet Router Discovery Protocol.


CONTROL ID
01799
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Configure the settings of the system registry and the systems objects (for Windows OS only)., CC ID: 01781

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • This setting enables or disables IRDP. IRDP detects and configures default gateway addresses automatically. For Enterprise Client environments, the MSS: (PerformRouterDiscovery) Allow IRDP To Detect And Configure Default Gateway Addresses setting is Not Defined. For Specialized Security - Limited Fu… (Pg 43, Microsoft Windows Vista Security Guide Appendix A: Security Group Policy Settings)
  • Description: This control defines whether Internet Router Discovery Protocol (IRDP) is used to automatically detect and configure default gateway addresses. Rationale: Disabling router discovery will limit the potential for malicious network to successfully man-in-the-middle the system's network t… (1.9.43, The Center for Internet Security Microsoft Windows 7 - Enterprise-Desktop Benchmark, 1.1.0)
  • Description: This control defines whether Internet Router Discovery Protocol (IRDP) is used to automatically detect and configure default gateway addresses. Rationale: Disabling router discovery will limit the potential for malicious network to successfully man-in-the-middle the system's network t… (1.9.43, The Center for Internet Security Microsoft Windows 7 - Enterprise-Laptop Benchmark, 1.1.0)
  • Description: This control defines whether Internet Router Discovery Protocol (IRDP) is used to automatically detect and configure default gateway addresses. Rationale: Disabling router discovery will limit the potential for malicious network to successfully man-in-the-middle the system's network t… (1.9.43, The Center for Internet Security Microsoft Windows 7 - SSLF-Desktop Benchmark, 1.1.0)
  • Description: This control defines whether Internet Router Discovery Protocol (IRDP) is used to automatically detect and configure default gateway addresses. Rationale: Disabling router discovery will limit the potential for malicious network to successfully man-in-the-middle the system's network t… (1.9.43, The Center for Internet Security Microsoft Windows 7 - SSLF-Laptop Benchmark, 1.1.0)
  • Set "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery (REG_DWORD)" to 0 in order to protect the ICMP Router Discovery Protocol from being exploited by a known vulnerability using DHCP. (§ 3.2.2.19, The Center for Internet Security Windows 2000 Professional Benchmark, 2.2.1)
  • Set "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery (REG_DWORD)" to 0 in order to protect the ICMP Router Discovery Protocol from being exploited by a known vulnerability using DHCP. (§ 3.2.2.17, The Center for Internet Security Windows 2000 Server Benchmark, 2.2.1)
  • The organization must ensure router discovery is disabled. This setting prohibits the workstation from caching router advertisements. HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery (REG_DWORD) (§ 3.2.2.17, The Center for Internet Security Windows XP Professional SP1/SP2 Benchmark, 2.01)
  • If a default gateway is configured, router discovery should be disabled. (§ 4.16, Defense Information Systems Agency UNIX Security Technical Implementation Guide Version 5 Release 1, Version 5, Release 1)
  • The system should be configured to disable the Internet Router Discovery Protocol (IRDP). The "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure default gateway addresses (could lead to DoS)" value should be set to Disabled. (§ 5.3.8.43, DISA Windows Server 2003 Security Checklist, Version 6 Release 1.11)
  • The Internet Router Discovery Protocol (IRDP) should be disabled. The "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" value should be set to Disabled. (§ 3.5.7 (3.104), DISA Windows VISTA Security Checklist, Version 6 Release 1.11)
  • The Internet Router Discovery Protocol (IRDP) should be disabled. The "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" value should be set to Disabled. (§ 5.3.7.39, DISA Windows XP Security Checklist, Version 6 Release 1.11)
  • For Specialized Security - Limited Functionality systems, this setting should be Enabled. For the other Windows XP environments, this setting is Not Defined. (§ 6.2.3, Guidance for Securing Microsoft Windows XP Systems for IT Professionals, NIST SP 800-68, Revision 1)
  • The Internet Router Discovery Protocol (IRDP) detects and configures default gateway addresses automatically. The Allow IRDP to Detect And Configure Default Gateway Addresses setting (HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery) is Not Defined in Ente… (Pg 76, NSA Guide to Security Microsoft Windows XP)
  • Multicasting and routing discovery should be disabled. Router discovery cannot be performed when multicasting is disabled. (§ 2.13, NSA Guide to the Secure Configuration of Solaris 9, Version 1.0)