Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-253994 | JUEX-RT-000220 | SV-253994r844015_rule | | Low |
Description |
---|
Real-time multicast traffic can entail multiple large flows of data. An attacker can flood a network segment with multicast packets, over-using the available bandwidth and thereby creating a denial-of-service (DoS) condition. Hence, it is imperative that register messages are accepted only for authorized multicast groups and sources. |
STIG | Date |
---|---|
Juniper EX Series Switches Router Security Technical Implementation Guide | 2024-06-10 |
Check Text ( C-57446r844013_chk ) |
---|
Verify that the RP router is configured to filter PIM register messages from unauthorized multicast groups and sources. [edit policy-options] policy-statement term filter_groups { from { route-filter route-filter } then reject; } term filter_sources { from { source-address-filter |
Fix Text (F-57397r844014_fix) |
---|
Configure the RP router to filter PIM register messages received from a multicast DR for any undesirable multicast groups or sources. set policy-options policy-statement set policy-options policy-statement set policy-options policy-statement set policy-options policy-statement set policy-options policy-statement set policy-options policy-statement set policy-options policy-statement set protocols pim rp rp-register-policy |
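
An added example, not part of the STIG text: a Python audit of `show configuration | display set` output that looks for the deny-list shape shown in the check text, that is, an applied `rp-register-policy` whose rejecting terms match on `route-filter` (groups) and `source-address-filter` (sources). The policy name, prefixes and the `accept_others` term in the sample are constructed, and the script assumes term-based policies applied at the global `[edit protocols pim rp]` hierarchy.

```python
import re
from collections import defaultdict

# Constructed sample of `show configuration | display set` output.
# Policy name, prefixes and the accept_others term are illustrative.
SAMPLE_COMPLIANT = """\
set policy-options policy-statement PIM_REGISTER_FILTER term filter_groups from route-filter 224.1.1.0/24 orlonger
set policy-options policy-statement PIM_REGISTER_FILTER term filter_groups then reject
set policy-options policy-statement PIM_REGISTER_FILTER term filter_sources from source-address-filter 10.1.2.0/24 orlonger
set policy-options policy-statement PIM_REGISTER_FILTER term filter_sources then reject
set policy-options policy-statement PIM_REGISTER_FILTER term accept_others then accept
set protocols pim rp rp-register-policy PIM_REGISTER_FILTER
"""

APPLY = re.compile(r"^set protocols pim rp rp-register-policy (\S+)$")
TERM = re.compile(r"^set policy-options policy-statement (\S+) term (\S+) "
                  r"(?:from (\S+) \S+|then (\S+))")
REQUIRED = (("route-filter", "groups"), ("source-address-filter", "sources"))


def audit_rp_register_policy(display_set):
    """Return a list of findings; an empty list means the check passes."""
    lines = [l.strip() for l in display_set.splitlines() if l.strip()]
    applied = [m.group(1) for l in lines if (m := APPLY.match(l))]
    if not applied:
        return ["no rp-register-policy applied under [edit protocols pim rp]"]
    # policy name -> term name -> match conditions and actions seen in that term
    terms = defaultdict(lambda: defaultdict(set))
    for l in lines:
        if (m := TERM.match(l)):
            terms[m.group(1)][m.group(2)].add(m.group(3) or m.group(4))
    findings = []
    for policy in applied:
        if policy not in terms:
            findings.append(f"{policy}: applied but not defined in policy-options")
            continue
        # Only terms that end in reject count as filtering register messages.
        rejecting = [facts for facts in terms[policy].values() if "reject" in facts]
        for cond, what in REQUIRED:
            if not any(cond in facts for facts in rejecting):
                findings.append(f"{policy}: no rejecting term with {cond} ({what} unfiltered)")
    return findings


if __name__ == "__main__":
    print(audit_rp_register_policy(SAMPLE_COMPLIANT) or "compliant")
```

A policy written as an allow-list (accept authorized groups and sources, reject everything else) will be reported by this script and needs manual review against the check text.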