
The Arista MSDP router must be configured to limit the amount of source-active messages it accepts on per-peer basis.


Overview

Finding ID: V-255995
Version: ARST-RT-000090
Rule ID: SV-255995r882327_rule
IA Controls:
Severity: Low
Description
To reduce any risk of a denial-of-service (DoS) attack from a rogue or misconfigured MSDP router, the router must be configured to limit the number of source-active messages it accepts from each peer.
STIG: Arista MLS EOS 4.2x Router Security Technical Implementation Guide
Date: 2023-01-17

Details

Check Text ( C-59671r882325_chk )
To verify that each MSDP peer is configured with an sa-limit, execute the command "show run | sec router msdp".

router msdp
peer 10.1.12.2
sa-limit 500
peer 10.1.55.78
sa-limit 900

If any MSDP peer on the Arista router is not configured with an sa-limit, this is a finding.
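The check above can be automated by parsing the "show run | sec router msdp" output and flagging every peer that has no sa-limit. The following Python script is an added example, not part of the STIG or of Arista EOS; the sample output it parses is constructed to contain one compliant peer and one peer missing the limit.

```python
"""Audit 'show run | sec router msdp' output for a per-peer sa-limit (ARST-RT-000090)."""
import re

# Constructed sample output: peer 10.1.12.2 is compliant, peer 10.1.55.78 is not.
SAMPLE_CONFIG = """\
router msdp
   peer 10.1.12.2
      sa-limit 500
   peer 10.1.55.78
      description constructed peer without a limit
"""

# Match "peer <address>" and "sa-limit <n>" regardless of indentation,
# since extraction or terminal width may strip the leading spaces.
PEER_RE = re.compile(r"^\s*peer\s+(\S+)\s*$")
LIMIT_RE = re.compile(r"^\s*sa-limit\s+(\d+)\s*$")


def parse_msdp_peers(config_text):
    """Return {peer_address: sa_limit or None} for peers under 'router msdp'.

    Assumes the text is the output of 'show run | sec router msdp', so every
    line after the 'router msdp' header belongs to that section.
    """
    peers = {}
    current = None
    in_msdp = False
    for line in config_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("!"):
            continue
        if stripped == "router msdp":
            in_msdp = True
            continue
        if not in_msdp:
            continue
        m = PEER_RE.match(line)
        if m:
            current = m.group(1)
            peers.setdefault(current, None)  # no limit seen yet for this peer
            continue
        m = LIMIT_RE.match(line)
        if m and current is not None:
            peers[current] = int(m.group(1))
    return peers


def find_findings(config_text):
    """List peers with no sa-limit; an empty list means the check passes."""
    return sorted(p for p, lim in parse_msdp_peers(config_text).items() if lim is None)
```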
Fix Text (F-59614r882326_fix)
Configure the Arista MSDP router to limit the number of source-active messages it accepts from each peer.

!
router(config)#router msdp
router(config-router-msdp)#peer 10.1.1.5
router(config-router-msdp-peer 10.1.1.5)#sa-limit 500
router(config-router-msdp)#peer 10.1.55.78
router(config-router-msdp-peer 10.1.55.78)#sa-limit 900
router(config-router-msdp-peer 10.1.55.78)#exit