The IAO/NSO will implement tcp intercept features provided by the router or implement a filter to rate limit tcp syn to protect servers from any TCP SYN flood attacks from an outside network.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-3165 | NET0960 | SV-16143r1_rule | ECSC-1 | Medium |
| Description |
|---|
| The TCP SYN attack involves transmitting a volume of connections that cannot be completed at the destination. This attack causes the connection queues to fill up, thereby denying service to legitimate TCP users. |
| STIG | Date |
|---|---|
| Perimeter L3 Switch Security Technical Implementation Guide - Cisco | 2015-04-06 |
Details
| Check Text ( C-3603r2_chk ) |
|---|
| Review the device configuration to determine if TCP Intercept has been configured to mitigate TCP SYN Flood attacks. If TCP Intercept has not been implemented, this is a finding. |
| Fix Text (F-3190r2_fix) |
|---|
| Configure the device to use TCP Intercept to protect against TCP SYN attacks from outside the network. |