The Multicast Source Discovery Protocol (MSDP) router must be configured to only accept MSDP packets from known MSDP peers.
Overview
Finding ID: V-207170
Version: SRG-NET-000364-RTR-000116
Rule ID: SV-207170r856654_rule
IA Controls:
Severity: Medium
Description
MSDP peering with customer network routers presents additional risks to the DISN Core, whether from a rogue or misconfigured MSDP-enabled router. To guard against an attack from malicious MSDP traffic, the receive path or interface filter for all MSDP-enabled RP routers must be configured to only accept MSDP packets from known MSDP peers.
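One way to check a receive-path or interface filter against this requirement, as an added example that is not part of the STIG text: it walks an ordered IPv4 filter with first-match semantics and reports every source prefix, other than the known peers, whose packets to TCP port 639 (the MSDP port per RFC 3618) would be accepted. The rule tuple format, the peer list and the addresses are constructed assumptions, and only inbound connections to port 639 are modelled.

```python
import ipaddress

MSDP_PORT = 639  # MSDP runs over TCP port 639 (RFC 3618)

def _subtract(nets, cut):
    """Remove prefix `cut` from a list of non-overlapping prefixes."""
    out = []
    for n in nets:
        if not n.overlaps(cut):
            out.append(n)
        elif not n.subnet_of(cut):  # cut lies strictly inside n
            out.extend(n.address_exclude(cut))
    return out

def accepted_msdp_sources(rules):
    """First-match walk of an ordered filter; implicit deny at the end."""
    remaining = [ipaddress.ip_network("0.0.0.0/0")]  # sources not yet matched
    accepted = []
    for action, proto, src, dport in rules:
        if proto not in ("tcp", "ip") or dport not in (MSDP_PORT, None):
            continue  # this rule cannot match MSDP packets
        src = ipaddress.ip_network(src)
        if action == "permit":
            # overlapping CIDR prefixes are nested: the overlap is the smaller one
            accepted += [n if n.subnet_of(src) else src
                         for n in remaining if n.overlaps(src)]
        remaining = _subtract(remaining, src)
    return list(ipaddress.collapse_addresses(accepted))

def unknown_msdp_sources(rules, known_peers):
    """Accepted MSDP sources that are not known peers; empty means compliant."""
    extra = accepted_msdp_sources(rules)
    for peer in known_peers:
        extra = _subtract(extra, ipaddress.ip_network(peer))
    return [str(n) for n in extra]

# Constructed sample data: documentation addresses, hypothetical filters
PEERS = ["192.0.2.1/32", "192.0.2.2/32"]
RESTRICTED = [("permit", "tcp", "192.0.2.1/32", 639),
              ("permit", "tcp", "192.0.2.2/32", 639),
              ("deny", "tcp", "0.0.0.0/0", 639),
              ("permit", "ip", "0.0.0.0/0", None)]
TOO_BROAD = [("permit", "tcp", "192.0.2.1/32", 639),
             ("permit", "tcp", "198.51.100.0/24", 639),  # whole subnet, not a peer
             ("deny", "tcp", "0.0.0.0/0", 639)]
NO_DENY = [("permit", "tcp", "192.0.2.1/32", 639),
           ("permit", "ip", "0.0.0.0/0", None)]  # catch-all also admits MSDP

if __name__ == "__main__":
    for name in ("RESTRICTED", "TOO_BROAD", "NO_DENY"):
        print(name, unknown_msdp_sources(globals()[name], PEERS))
```

An empty result means the filter accepts MSDP only from the listed peers; any prefix returned is a source that could open an MSDP session without being a known peer.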