The IP protocol allows a host to specify the packet's route through your network, instead of allowing the network components to determine the best path. The only legitimate use that you may come across for this feature is to troubleshoot connections, but this is rare. It's far more common to be used to map your network for reconnaissance purposes, or when an attacker is attempting to locate a backdoor into your private network. Unless specifically needed for troubleshooting, this feature should be disabled.
Fortifying router security
Step 1: Change the default password!
Step 2: Disable IP directed broadcasts
Step 3: Disable HTTP configuration for the router, if possible
Step 4: Block ICMP ping requests
Step 5: Disable IP source routing
Step 6: Determine your packet filtering needs
Step 7: Establish Ingress and Egress address filtering policies
Step 8: Maintain physical security of the router
Step 9: Take the time to review the security logs
About the author
Chris Cox is a network administrator for the United States Army, based in Fort Irwin, California.
This tip originally appeared on SearchNetworking.com.