| V-69135 | Medium | The NSX Distributed Logical Router must manage excess bandwidth to limit the effects of packet flooding types of denial of service (DoS) attacks. | Denial of service is a condition when a resource is not available for legitimate users. Packet flooding DDoS attacks are referred to as volumetric attacks and have the objective of overloading a... |
| V-69127 | Medium | The NSX Distributed Logical Router must be configured so inactive router interfaces are disabled. | An inactive interface is rarely monitored or controlled and may expose a network to an undetected attack on that interface. Unauthorized personnel with access to the communication facility could... |
| V-69133 | Medium | The NSX Distributed Logical Router must be configured to disable non-essential capabilities. | A compromised router introduces risk to the entire network infrastructure as well as data resources that are accessible via the network. The perimeter defense has no oversight or control of... |
| V-69129 | Medium | The NSX Distributed Logical Router must enable neighbor router authentication for control plane protocols. | A rogue router could send a fictitious routing update to convince a site's perimeter router to send traffic to an incorrect or even a rogue destination. This diverted traffic could be analyzed to... |
