5.098 - The system must limit how many times unacknowledged TCP data is retransmitted.

Information

In a SYN flood attack, the attacker sends a continuous stream of SYN packets to a server, and the server leaves the half-open connections open until it is overwhelmed and no longer able to respond to legitimate requests.

Solution

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' to '3' or less.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2008_R2_DC_V1R34_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(12), CAT|III, CCI|CCI-002385, CSCv6|9, CSCv6|9.2, Rule-ID|SV-32359r2_rule, STIG-ID|5.098, Vuln-ID|V-4438

Plugin: Windows

Control ID: 3ab122729f93d5262c5e4289d1f86e9f97ed2fe54221c598fa860a17defa42d3