The system must be configured to use TCP syncookies when experiencing a TCP SYN flood.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-22419	GEN003612	SV-26083r1_rule	ECSC-1	Medium

Description
A TCP SYN flood attack can cause Denial of Service by filling a system's TCP connection table with connections in the SYN_RCVD state. Syncookies are a mechanism used to not track a connection until a subsequent ACK is received, verifying the initiator is attempting a valid connection and is not a flood source. This technique does not operate in a fully standards-compliant manner, but is only activated when a flood condition is detected, and allows defense of the system while continuing to service valid requests.

Description

A TCP SYN flood attack can cause Denial of Service by filling a system's TCP connection table with connections in the SYN_RCVD state. Syncookies are a mechanism used to not track a connection until a subsequent ACK is received, verifying the initiator is attempting a valid connection and is not a flood source. This technique does not operate in a fully standards-compliant manner, but is only activated when a flood condition is detected, and allows defense of the system while continuing to service valid requests.

STIG	Date
UNIX SRG	2013-03-26

Details

Check Text ( C-30377r1_chk )
Consult vendor documentation to determine if a separate configuration setting exists for this feature. If the feature is present and disabled, this is a finding. If the feature does not exist for the system, this is not applicable.

Fix Text (F-34733r1_fix)
Consult vendor documentation for the procedure for enabling the syncookie feature, if the feature is supported for the platform.