UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Juniper SRX Services Gateway must configure the control plane to protect against or limit the effects of common types of Denial of Service (DoS) attacks on the device itself by configuring applicable system options and internet-options.


Overview

Finding ID Version Rule ID IA Controls Severity
V-223233 JUSX-DM-000162 SV-223233r513388_rule Medium
Description
DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity. Juniper SRX uses the system commands, system internet-options, and screens to mitigate the impact of DoS attacks on device availability.
STIG Date
Juniper SRX SG NDM Security Technical Implementation Guide 2021-03-25

Details

Check Text ( C-24906r513386_chk )
Verify the system options are configured to protect against DoS attacks.

[edit]
show system
show system internet-options

If the system and system-options which limit the effects of common types of DoS attacks are not configured in compliance with DoD requirements, this is a finding.
Fix Text (F-24894r513387_fix)
Configure the system and system-options to protect against DoS attacks.

[edit]
set system no-redirects
set system no-ping-record-route
set system no-ping-time-stamp
set system internet-options icmpv4-rate-limit packet-rate 50
set system internet-options icmpv6-rate-limit packet-rate 50
set system internet-options no-ipip-path-mtu-discovery
set system internet-options no-source-quench
set system internet-options tcp-drop-synfin-set
set system internet-options no-ipv6-path-mtu-discovery
set system internet-options no-tcp-reset drop-all-tcp