The router must manage excess capacity and bandwidth, or have other redundancies to limit the effects of information flooding types of denial of service attacks.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000193-RTR-NA	SRG-NET-000193-RTR-NA	SRG-NET-000193-RTR-NA_rule		Medium

Description
A network element experiencing a DoS attack will not be able to handle production traffic load. The high utilization and CPU load caused by a DoS attack will also have an effect on control keep-alives and timers used for neighbor peering resulting in route flapping and eventually black hole production traffic. The device must be configured to contain and limit a DoS attack's effect on the device's resource utilization. This requirement is applicable to network architecture and is not applicable to the routing function.

Description

A network element experiencing a DoS attack will not be able to handle production traffic load. The high utilization and CPU load caused by a DoS attack will also have an effect on control keep-alives and timers used for neighbor peering resulting in route flapping and eventually black hole production traffic. The device must be configured to contain and limit a DoS attack's effect on the device's resource utilization. This requirement is applicable to network architecture and is not applicable to the routing function.

STIG	Date
Router Security Requirements Guide	2013-07-30

Details

Check Text ( C-SRG-NET-000193-RTR-NA_chk )
This requirement is NA for router.

Fix Text (F-SRG-NET-000193-RTR-NA_fix)
This requirement is NA for router.