Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-NET-000244-IDPS-000229 | SRG-NET-000244-IDPS-000229 | SRG-NET-000244-IDPS-000229_rule | | Medium |
Description |
---|
A number of publicly available tools facilitate the hijacking of TCP sessions. An attacker using such tools can determine the TCP sequence and acknowledgement numbers that two hosts are using in a communication session. This information could enable the attacker to take over the legitimate network connection of an authorized user and inject commands into the session. This is particularly serious because most forms of one-time passwords do not prevent this access. |
STIG | Date |
---|---|
IDPS Security Requirements Guide (SRG) | 2012-03-08 |
Check Text (C-43393_chk) |
---|
Identify the signatures which monitor for IP hijacking of TCP sessions. If a signature that monitors for IP hijacking is not installed, this is a finding. |
Fix Text (F-43393_fix) |
---|
Download and install the latest signatures designed to monitor for IP hijacking of TCP sessions. |