The system must be configured to disable dead gateway detection.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-4109 | 3.093 | SV-29607r2_rule | ECSC-1 | Low |
| Description |
|---|
| Dead gateway detection allows switching to a backup gateway if a number of connections to a gateway are experiencing difficulty. An attacker could force internal traffic to be directed to a gateway outside the network if enabled. This setting applies to all network adapters, regardless of their individual settings. |
| STIG | Date |
|---|---|
| Windows 2003 Member Server Security Technical Implementation Guide | 2015-06-24 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-53579r2_fix) |
|---|
| Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> "MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)" to "Disabled". |