
The LAND DoS signature must be implemented to protect the enclave.


Overview

Finding ID: SRG-NET-000244-IDPS-000231
Version: SRG-NET-000244-IDPS-000231
Rule ID: SRG-NET-000244-IDPS-000231_rule
IA Controls:
Severity: Medium
Description
The LAND attack is a DoS attack in which an attacker sends a system a TCP packet with the SYN bit set and with identical source and destination IP addresses and identical source and destination ports. If the network is not protected against this type of attack, it may cause a DoS on the network. An effective implementation is an atomic attack signature, which examines a single packet; state information (tracking established connections) is not needed to identify this attack.
STIG Date
IDPS Security Requirements Guide (SRG) 2012-03-08

Details

Check Text (C-43395_chk)
Review the configuration and verify signatures are installed to protect against TCP SYN Flood attacks.

If sensors are not configured with signatures that protect against LAND, this is a finding.
Fix Text (F-43395_fix)
Download and install signatures designed to protect against LAND attacks.
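
The atomic, single-packet check from the Description can be sketched as follows. This is an added example, not part of the SRG or of any vendor's signature set; the function names and the sample packets (built with documentation-range addresses and zeroed checksums) are constructed for illustration.

```python
import socket
import struct

TCP_PROTO = 6
SYN_FLAG = 0x02

def is_land_packet(ip_packet: bytes) -> bool:
    """Stateless LAND test on one raw IPv4 packet: TCP with SYN set,
    source IP == destination IP and source port == destination port."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return False                      # too short or not IPv4
    ihl = (ip_packet[0] & 0x0F) * 4       # IPv4 header length in bytes
    if ihl < 20 or len(ip_packet) < ihl + 14:
        return False                      # malformed or truncated before TCP flags
    if ip_packet[9] != TCP_PROTO:
        return False
    frag_offset = struct.unpack("!H", ip_packet[6:8])[0] & 0x1FFF
    if frag_offset != 0:
        return False                      # later fragments carry no TCP header
    src_ip, dst_ip = ip_packet[12:16], ip_packet[16:20]
    sport, dport = struct.unpack("!HH", ip_packet[ihl:ihl + 4])
    syn_set = bool(ip_packet[ihl + 13] & SYN_FLAG)
    return syn_set and src_ip == dst_ip and sport == dport

def build_packet(src: str, dst: str, sport: int, dport: int, flags: int) -> bytes:
    """Constructed sample input: minimal IPv4 + TCP headers, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64,
                     TCP_PROTO, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

if __name__ == "__main__":
    samples = {
        "LAND pattern": build_packet("192.0.2.10", "192.0.2.10", 80, 80, 0x02),
        "normal SYN": build_packet("198.51.100.7", "192.0.2.10", 40000, 80, 0x02),
        "same IP, different ports": build_packet("192.0.2.10", "192.0.2.10", 40000, 80, 0x02),
    }
    for name, pkt in samples.items():
        print(f"{name}: {'ALERT' if is_land_packet(pkt) else 'ok'}")
```

Because the decision uses only fields of the packet in hand, the check needs no connection table, which is why an atomic signature suffices for this attack.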