UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must use initial TCP sequence numbers most resistant to sequence number guessing attacks.


Overview

Finding ID Version Rule ID IA Controls Severity
V-12001 GEN003580 SV-38838r1_rule ECSC-1 Medium
Description
One use of initial TCP sequence numbers is to verify bidirectional communication between two hosts, which provides some protection against spoofed source addresses being used by the connection originator. If the initial TCP sequence numbers for a host can be determined by an attacker, it may be possible to establish a TCP connection from a spoofed source address without bidirectional communication.
STIG Date
AIX 5.3 Security Technical Implementation Guide 2013-03-26

Details

Check Text ( C-37227r3_chk )
Check the system for the iy62006 patch.

# instfix -ik iy62006

If the above patches (or successors) are not applied, this is a finding.
Fix Text (F-32489r2_fix)
Install the iy62006 patch or its successors.