Forum Discussion

Altostratus

Apr 27, 2017

IP-Source Routing Enabled - Vulnerability

Hey guys... Are we vulnerable at all to this? https://www.rapid7.com/db/vulnerabilities/generic-ip-source-routing-enabled IP Source Routing Enabled Source routing is a feature of the IP pr...

Employee

Apr 29, 2017

https://support.f5.com/csp/article/K10191

The BigIP will drop any packet that arrives with IP Options unless you have explicitly enabled them:

The IP drop counter increments when a packet contains an IP option. If the TM.AcceptIPOptions BigDB key is set to enable, the system accept IPv4 packets with IP options.

So unless you explicitly tell the BigIP otherwise it will not accept packets that use Source Routing. Fastl4 does not change this.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

IP-Source Routing Enabled - Vulnerability

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

Source IP Based Pool Routing

OpenSSH vulnerability

Mitigating Log4j Vulnerability using F5 BIG-IP

Block destination IP by source IP

Solving for true-source IP with global load balancers in Google Cloud

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS