PHTN-67-000037 - The Photon operating system must use TCP syncookies.

Information

A TCP SYN flood attack can cause a denial of service by filling a system's TCP connection table with connections in the SYN_RCVD state. Syncookies can be used to track a connection when a subsequent ACK is received, verifying the initiator is attempting a valid connection and is not a flood source. This feature is activated when a flood condition is detected and enables the system to continue servicing valid connection requests.

Satisfies: SRG-OS-000142-GPOS-00071, SRG-OS-000420-GPOS-00186

Solution

Open /etc/sysctl.conf with a text editor.

Add or update the following line:

net.ipv4.tcp_syncookies=1

Run the following command to load the new setting:

# /sbin/sysctl --load

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y23M07_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-5, 800-53|SC-5(2), CAT|II, CCI|CCI-001095, CCI|CCI-002385, Rule-ID|SV-239109r856040_rule, STIG-ID|PHTN-67-000037, Vuln-ID|V-239109

Plugin: Unix

Control ID: 31703746221afd609d6d1377198e9238849c0868c462e6ad132abfbbbae0c2b8