5.098 - The system must limit how many times unacknowledged TCP data is retransmitted.

Information

In a SYN flood attack, the attacker sends a continuous stream of SYN packets to a server, and the server leaves the half-open connections open until it is overwhelmed and no longer is able to respond to legitimate requests.

Solution

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' to '3' or less.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2008_MS_V6R46_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(12), CAT|III, CCI|CCI-002385, CSCv6|9, CSCv6|9.2, Rule-ID|SV-29373r2_rule, STIG-ID|5.098, Vuln-ID|V-4438

Plugin: Windows

Control ID: 77d79931550e8502a403fa8f406bf427c98741062e3806200e0d063191863af1