The system must be configured to use TCP syncookies when experiencing a TCP SYN flood.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-22419	GEN003612	SV-38803r1_rule	ECSC-1	Medium

Description
A TCP SYN flood attack can cause Denial of Service by filling a system's TCP connection table with connections in the SYN_RCVD state. Syncookies are a mechanism used to not track a connection until a subsequent ACK is received, verifying the initiator is attempting a valid connection and is not a flood source. This technique does not operate in a fully standards-compliant manner, but is only activated when a flood condition is detected, and allows defense of the system while continuing to service valid requests.

Description

A TCP SYN flood attack can cause Denial of Service by filling a system's TCP connection table with connections in the SYN_RCVD state. Syncookies are a mechanism used to not track a connection until a subsequent ACK is received, verifying the initiator is attempting a valid connection and is not a flood source. This technique does not operate in a fully standards-compliant manner, but is only activated when a flood condition is detected, and allows defense of the system while continuing to service valid requests.

STIG	Date
AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE	2017-12-08

Details

Check Text ( C-37259r1_chk )
# /usr/sbin/no -o clean_partial_conns If the value returned is not 1, this is a finding.

Fix Text (F-32500r1_fix)
#/usr/sbin/no -p -o clean_partial_conns=1