TCP backlog queue sizes must be set appropriately.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-23741 | GEN003601 | SV-29690r1_rule | ECSC-1 | Medium |
| Description |
|---|
| To provide some mitigation to TCP Denial of Service (DoS) attacks, the TCP backlog queue sizes must be set to at least 1280 or in accordance with product-specific guidelines. |
| STIG | Date |
|---|---|
| HP-UX 11.23 Security Technical Implementation Guide | 2015-12-02 |
Details
| Check Text ( C-30047r1_chk ) |
|---|
| Check the value of the tcp_syn_rcvd_max parameter. # ndd -get /dev/tcp tcp_syn_rcvd_max If the returned value is less than 1280, this is a finding. |
| Fix Text (F-26884r1_fix) |
|---|
| Set the tcp_syn_rcvd_max parameter to 1280. # ndd -set /dev/tcp tcp_syn_rcvd_max 1280 Edit /etc/rc.config.d/nddconf and add/set: TRANSPORT_NAME[x] = tcp NDD_NAME[x] = tcp_syn_rcvd_max NDD_VALUE[x] = 1280 |