GEN000000-AIX0220 – The system must provide protection for the TCP stack against connection resets, SYN, and data injection attacks.

Details

The tcp_tcpsecure parameter provides protection for TCP connections from fake SYN’s, fake RST, and data injections on established connections. The first vulnerability involves sending a fake SYN to an established connection to abort the connection. The second vulnerability involves sending a fake RST to an established connection to abort the connection. The third vulnerability involves injecting fake data in an established TCP connection.

Solution

Set the tcp_tcpsecure parameter to 7.

# /usr/sbin/no -p -o tcp_tcpsecure=7

Supportive Information

The following resource is also helpful.

https://iasecontent.disa.mil/stigs/zip/U_AIX_6-1_V1R14_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.

References

800-53|AC-4(8)
CAT|II
CCI|CCI-000032
Group-ID|V-29497
Rule-ID|SV-38701r1_rule
STIG-ID|GEN000000-AIX0220
Vuln-ID|V-29497

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles