WN12-SO-000048 - The system must limit how many times unacknowledged TCP data is retransmitted.

Information

In a SYN flood attack, the attacker sends a continuous stream of SYN packets to a server, and the server leaves the half-open connections open until it is overwhelmed and is no longer able to respond to legitimate requests.

Solution

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' to '3' or less.

(See 'Updating the Windows Security Options File' in the STIG Overview document if MSS settings are not visible in the system's policy tools.)

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2012_and_2012_R2_DC_V3R4_STIG.zip

Item Details

References: CAT|III, CCI|CCI-002385, Rule-ID|SV-226312r794565_rule, STIG-ID|WN12-SO-000048, STIG-Legacy|SV-52929, STIG-Legacy|V-4438, Vuln-ID|V-226312

Plugin: Windows

Control ID: 41134d0f3a7e88ea037ac1bfecefa74e3fb9f401c6aeac17f11f35860aa935ca