TCP intercept features must be provided by the network device by implementing a filter to rate limit and protect servers from any TCP SYN flood attacks from an outside network.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-3165 | NET0960 | SV-3165r2_rule | ECSC-1 | Medium |
| Description |
|---|
| The TCP SYN attack involves transmitting a volume of connections that cannot be completed at the destination. This attack causes the connection queues to fill up, thereby denying service to legitimate TCP users. |
| STIG | Date |
|---|---|
| Perimeter Router Security Technical Implementation Guide | 2015-04-03 |
Details
| Check Text ( C-3603r2_chk ) |
|---|
| Review the device configuration to determine if TCP Intercept has been configured to mitigate TCP SYN Flood attacks. If TCP Intercept has not been implemented, this is a finding. |
| Fix Text (F-3190r2_fix) |
|---|
| Configure the device to use TCP Intercept to protect against TCP SYN attacks from outside the network. |