UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Juniper Multicast Source Discovery Protocol (MSDP) router must be configured to limit the amount of source-active messages it accepts on per-peer basis.


Overview

Finding ID Version Rule ID IA Controls Severity
V-217097 JUNI-RT-000930 SV-217097r604135_rule Low
Description
To reduce any risk of a denial-of-service (DoS) attack from a rogue or misconfigured MSDP router, the router must be configured to limit the number of source-active messages it accepts from each peer.
STIG Date
Juniper Router RTR Security Technical Implementation Guide 2022-06-07

Details

Check Text ( C-18326r297159_chk )
Review the router configuration to determine if it is configured to limit the amount of source-active messages it accepts on a per-peer basis.

protocols {



}
msdp {
export SA_EXPORT;
import SA_IMPORT;
group AS25 {
peer x.x.x.x {
active-source-limit {
maximum nnn;
}

If the router is not configured to limit the source-active messages it accepts, this is a finding.
Fix Text (F-18324r297160_fix)
Configure the router to limit the amount of source-active messages it accepts from each peer.

[edit protocols msdp group AS25 peer x.x.x.x]
set active-source-limit maximum nnn