3.15 Set Maximum Number of Half-open TCP Connections - current tcp = 4096

Information

This setting controls how many half-open connections can exist for a TCP port.

It is necessary to control the number of completed connections to the system to provide some protection against Denial of Service attacks. Note that the value of 4096 is a minimum to establish a good security posture for this setting. In environments where connection counts are high, such as on a busy web server, this value may need to be increased.

Solution

To enforce this setting, use the command:
# ipadm set-prop -p _conn_req_max_q0=4096 tcp

See Also

https://workbench.cisecurity.org/files/611

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(12), CSCv6|9.2

Plugin: Unix

Control ID: 7abe8c145f4ba56b27b08f722807249bb91ad9bc04e76983725eb5bdc75e309c