GEN000000-AIX0220 - The system must provide protection for the TCP stack against connection resets, SYN, and data injection attacks.
The tcp_tcpsecure parameter provides protection for TCP connections from fake SYN's, fake RST, and data injections on established connections. The first vulnerability involves sending a fake SYN to an established connection to abort the connection. The second vulnerability involves sending a fake RST to an established connection to abort the connection. The third vulnerability involves injecting fake data in an established TCP connection.
Set the tcp_tcpsecure parameter to 7. # /usr/sbin/no -p -o tcp_tcpsecure=7