5.098 - The system must limit how many times unacknowledged TCP data is retransmitted.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

In a SYN flood attack, the attacker sends a continuous stream of SYN packets to a server, and the server leaves the half-open connections open until it is overwhelmed and no longer able to respond to legitimate requests.

Solution

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' to '3' or less.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2008_R2_MS_V1R33_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(12), CAT|III, CCI|CCI-002385, CSCv6|9, CSCv6|9.2, Rule-ID|SV-32359r2_rule, STIG-ID|5.098, Vuln-ID|V-4438

Plugin: Windows

Control ID: e519b719a86ca43524dd88d115ea0460503bb493f21e9188a6ddd4598b88bd50