GEN003612 - The system must be configured to use TCP syncookies when experiencing a TCP SYN flood.

Information

A TCP SYN flood attack can cause Denial of Service by filling a system's TCP connection table with connections in the SYN_RCVD state. Syncookies are a mechanism used to not track a connection until a subsequent ACK is received, verifying the initiator is attempting a valid connection and is not a flood source. This technique does not operate in a fully standards-compliant manner, but is only activated when a flood condition is detected, and allows defense of the system while continuing to service valid requests.

Solution

#/usr/sbin/no -p -o clean_partial_conns=1

See Also

https://iasecontent.disa.mil/stigs/zip/U_AIX_6-1_V1R14_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-5, CAT|II, CCI|CCI-001092, Group-ID|V-22419, Rule-ID|SV-38803r1_rule, STIG-ID|GEN003612, Vuln-ID|V-22419

Plugin: Unix

Control ID: d9fe440f04e05df84b66d6b14d2b7e27b0746488adaecceac287110e27a59f88