Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-253995 | JUEX-RT-000230 | SV-253995r844018_rule | | Low |
Description |
---|
Real-time multicast traffic can entail multiple large flows of data. An attacker can flood a network segment with multicast packets, over-using the available bandwidth and thereby creating a denial-of-service (DoS) condition. Hence, it is imperative that join messages are only accepted for authorized multicast groups. |
STIG | Date |
---|---|
Juniper EX Series Switches Router Security Technical Implementation Guide | 2023-03-23 |
Check Text (C-57447r844016_chk) |
---|
Verify that the RP router is configured to filter PIM register messages. [edit policy-options] policy-statement term filter_groups { from { route-filter route-filter } then reject; } term filter_sources { from { source-address-filter |
Fix Text (F-57398r844017_fix) |
---|
RP routers that are peering with customer PIM-SM routers must implement a PIM import policy to block join messages for reserved and any undesirable multicast groups. set policy-options policy-statement set policy-options policy-statement set policy-options policy-statement set policy-options policy-statement set policy-options policy-statement set policy-options policy-statement set policy-options policy-statement set protocols pim import |
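
The check above can be automated against a saved configuration in Junos `set` format. The following is an added example, not part of the STIG text: the policy name `PIM_JOIN_FILTER`, the term `accept_others`, the prefixes and the function name `audit_pim_import` are assumptions, and the sample configurations are constructed. It covers only the main routing instance.

```python
import re

# Constructed samples in Junos "set" format; policy name and prefixes are assumptions.
COMPLIANT = """\
set policy-options policy-statement PIM_JOIN_FILTER term filter_groups from route-filter 224.0.1.2/32 exact
set policy-options policy-statement PIM_JOIN_FILTER term filter_groups then reject
set policy-options policy-statement PIM_JOIN_FILTER term filter_sources from source-address-filter 198.51.100.0/24 orlonger
set policy-options policy-statement PIM_JOIN_FILTER term filter_sources then reject
set policy-options policy-statement PIM_JOIN_FILTER term accept_others then accept
set protocols pim import PIM_JOIN_FILTER
"""
MISSING_IMPORT = COMPLIANT.replace("set protocols pim import PIM_JOIN_FILTER\n", "")
DANGLING = "set protocols pim import PIM_JOIN_FILTER\n"

TERM_RE = re.compile(r"^set policy-options policy-statement (\S+) term (\S+) (from|then) (.+)$")
IMPORT_RE = re.compile(r"^set protocols pim import (.+)$")

def audit_pim_import(config):
    """Return a list of findings; an empty list means the check passes."""
    terms, imports = {}, []
    for line in config.splitlines():
        m = TERM_RE.match(line.strip())
        if m:
            policy, term, kind, rest = m.groups()
            terms.setdefault(policy, {}).setdefault(term, {"from": [], "then": []})[kind].append(rest)
        m = IMPORT_RE.match(line.strip())
        if m:
            # Accept both a single name and a bracketed policy chain.
            imports += m.group(1).strip("[] ").split()
    if not imports:
        return ["no 'protocols pim import' statement: join messages are unfiltered"]
    findings = []
    for policy in imports:
        if policy not in terms:
            findings.append(f"import policy {policy} is not defined")
            continue
        # A group filter is a term that matches on route-filter and rejects.
        rejects_group = any(
            "reject" in t["then"] and any(f.startswith("route-filter ") for f in t["from"])
            for t in terms[policy].values())
        if not rejects_group:
            findings.append(f"policy {policy} has no term rejecting a route-filter (group) match")
    return findings

if __name__ == "__main__":
    for name, cfg in [("compliant", COMPLIANT), ("missing import", MISSING_IMPORT), ("dangling", DANGLING)]:
        print(name, "->", audit_pim_import(cfg) or "pass")
```

An empty result means the import policy exists, is applied under `protocols pim`, and rejects at least one group match. Whether the rejected groups are the right ones for the site still needs review.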