UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Photon operating system must use TCP syncookies.


Overview

Finding ID Version Rule ID IA Controls Severity
V-239109 PHTN-67-000037 SV-239109r816622_rule Medium
Description
A TCP SYN flood attack can cause a denial of service by filling a system's TCP connection table with connections in the SYN_RCVD state. Syncookies can be used to track a connection when a subsequent ACK is received, verifying the initiator is attempting a valid connection and is not a flood source. This feature is activated when a flood condition is detected and enables the system to continue servicing valid connection requests. Satisfies: SRG-OS-000142-GPOS-00071, SRG-OS-000420-GPOS-00186
STIG Date
VMware vSphere 6.7 Photon OS Security Technical Implementation Guide 2022-01-03

Details

Check Text ( C-42320r816620_chk )
At the command line, execute the following command:

# /sbin/sysctl -a --pattern tcp_syncookies

Expected result:

net.ipv4.tcp_syncookies = 1

If the output does not match the expected result, this is a finding.
Fix Text (F-42279r816621_fix)
Open /etc/sysctl.conf with a text editor.

Add or update the following line:

net.ipv4.tcp_syncookies=1

Run the following command to load the new setting:

# /sbin/sysctl --load