Forum Discussion

Altostratus

Apr 27, 2017

IP-Source Routing Enabled - Vulnerability

Hey guys... Are we vulnerable at all to this? https://www.rapid7.com/db/vulnerabilities/generic-ip-source-routing-enabled IP Source Routing Enabled Source routing is a feature of the IP pr...

Employee

Apr 29, 2017

https://support.f5.com/csp/article/K10191

The BigIP will drop any packet that arrives with IP Options unless you have explicitly enabled them:

The IP drop counter increments when a packet contains an IP option. If the TM.AcceptIPOptions BigDB key is set to enable, the system accept IPv4 packets with IP options.

So unless you explicitly tell the BigIP otherwise it will not accept packets that use Source Routing. Fastl4 does not change this.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

IP-Source Routing Enabled - Vulnerability

F5 AppWorld 2026 Registration - early bird pricing.

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

SSO login for APM Profiles

smtp port vs 25 and pool member 587

Need F5 iRules Consultant - HTTP Header Manipulation Issues

What Certificates should be where? GSLB Trust Certificates vs Device Trusted Certificates

F5 Access Guard Deprecated: ZTA APM

Related Content

Source IP Based Pool Routing

OpenSSH vulnerability

Mitigating Log4j Vulnerability using F5 BIG-IP

BYOEDR, Undetectable backdoor, WhoFi, Cyberattack to airline, and Clickjacking vulnerability

Block destination IP by source IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS