Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22419 | GEN003612 | SV-64209r1_rule | ECSC-1 | Medium |
Description |
---|
A TCP SYN flood attack can cause Denial of Service by filling a system's TCP connection table with connections in the SYN_RCVD state. Syncookies are a mechanism used to only track a connection when a subsequent ACK is received, verifying the initiator is attempting a valid connection and is not a flood source. This technique does not operate in a fully standards-compliant manner, but is only activated when a flood condition is detected, and allows defense of the system while continuing to service valid requests. |
STIG | Date |
---|---|
Oracle Linux 5 Security Technical Implementation Guide | 2015-06-05 |
Check Text ( C-52667r1_chk ) |
---|
Verify the system configured to use TCP syncookies when experiencing a TCP SYN flood. # cat /proc/sys/net/ipv4/tcp_syncookies If the result is not "1", this is a finding. |
Fix Text (F-54821r1_fix) |
---|
Configure the system to use TCP syncookies when experiencing a TCP SYN flood. Edit /etc/sysctl.conf and add a setting for "net.ipv4.tcp_syncookies=1". # sysctl -p |