Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Join messages received from the Designated Router (DR) for any undesirable multicast groups.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-55749 | SRG-NET-000019-RTR-000014 | SV-70003r2_rule | Low |
| Description |
|---|
| Real-time multicast traffic can entail multiple large flows of data. An attacker can flood a network segment with multicast packets, over-using the available bandwidth and thereby creating a denial-of-service (DoS) condition. Hence, it is imperative that join messages are only accepted for authorized multicast groups. |
| STIG | Date |
|---|---|
| Router Security Requirements Guide | 2018-01-26 |
Details
| Check Text ( C-56317r3_chk ) |
|---|
| Verify that the RP router is configured to filter PIM join messages for any reserved multicast groups. If the RP router peering with PIM-SM routers is not configured with a PIM import policy to block join messages for reserved and any undesirable multicast groups, this is a finding. |
| Fix Text (F-60621r2_fix) |
|---|
| RP routers that are peering with customer PIM-SM routers must implement a PIM import policy to block join messages for reserved and any undesirable multicast groups. |