GEN003601 - TCP backlog queue sizes must be set appropriately.

Information

To provide some mitigation to TCP DoS attacks, the clear_partial_conns parameter must be enabled.

Solution

# /usr/sbin/no -po clean_partial_conns=1

See Also

http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip

Item Details

Audit Name: DISA AIX 5.3 STIG v1r2

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(12), CAT|II, CCI|CCI-000366, Rule-ID|SV-38796r1_rule, STIG-ID|GEN003601, Vuln-ID|V-23741

Plugin: Unix

Control ID: 992e47d2d4bee5b6512cd3c3fd3054be06a2e878aca4cac0fa49646f85a6b98a