Detections
Analytics
GEN003612 - The system must be configured to use TCP syncookies when experiencing a TCP SYN flood.
Information
A TCP SYN flood attack can cause Denial of Service by filling a system's TCP connection table with connections in the SYN_RCVD state. Syncookies are a mechanism used to not track a connection until a subsequent ACK is received, verifying the initiator is attempting a valid connection and is not a flood source. This technique does not operate in a fully standards-compliant manner, but is only activated when a flood condition is detected, and allows defense of the system while continuing to service valid requests.Solution
#/usr/sbin/no -p -o clean_partial_conns=1See Also
http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip
Item Details
Audit Name: DISA AIX 5.3 STIG v1r2
Category: SYSTEM AND COMMUNICATIONS PROTECTION
References: 800-53|SC-7(12), CAT|II, CCI|CCI-001092, Rule-ID|SV-38803r1_rule, STIG-ID|GEN003612, Vuln-ID|V-22419
Plugin: Unix
Control ID: ae38ab4d54d51a6cf85fe1263a343a57c6c881427e4a5472c93c13e8e2b17e33