The system must use initial TCP sequence numbers most resistant to sequence number guessing attacks.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-12001 | GEN003580 | SV-38838r1_rule | ECSC-1 | Medium |
| Description |
|---|
| One use of initial TCP sequence numbers is to verify bidirectional communication between two hosts, which provides some protection against spoofed source addresses being used by the connection originator. If the initial TCP sequence numbers for a host can be determined by an attacker, it may be possible to establish a TCP connection from a spoofed source address without bidirectional communication. |
| STIG | Date |
|---|---|
| Draft AIX Security Technical Implementation Guide | 2011-08-17 |
Details
| Check Text ( C-37227r1_chk ) |
|---|
| # instfix -ik iy55950, this applies to AIX 4.3 and AIX 5.1. # instfix -ik iy55949 , this applies to AIX 5.2. # instfix -ik iy62006, this applies to AIX 5.3. If the above patches (or successors) are not applied, this is a finding. |
| Fix Text (F-32489r1_fix) |
|---|
| Install these patches (or successors): iy55950, iy55949, iy62006. Keep OS patches / TL(Technology Levels) and SP (Service Packs) current. Use a web browser to check the vendor's website for Patches, Technology Levels, and Service Packs. |