Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must provide protection for the TCP stack against connection resets, SYN, and data injection attacks.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-29497 | GEN000000-AIX0220 | SV-38701r1_rule | ECSC-1 | Medium |
| Description |
|---|
| The tcp_tcpsecure parameter provides protection for TCP connections from fake SYN's, fake RST, and data injections on established connections. The first vulnerability involves sending a fake SYN to an established connection to abort the connection. The second vulnerability involves sending a fake RST to an established connection to abort the connection. The third vulnerability involves injecting fake data in an established TCP connection. |
| STIG | Date |
|---|---|
| AIX 6.1 Security Technical Implementation Guide | 2013-03-27 |
Details
| Check Text ( C-37797r1_chk ) |
|---|
| Check the value of the tcp_tcpsecure parameter. # /usr/sbin/no -o tcp_tcpsecure If the value returned is not 7, this is a finding. |
| Fix Text (F-33055r1_fix) |
|---|
| Set the tcp_tcpsecure parameter to 7. # /usr/sbin/no -p -o tcp_tcpsecure=7 |