Check: 5.098
Windows 2003 DC STIG:
5.098
(in version v6 r40)
Title
TCP data retransmissions are not controlled. (Cat III impact)
Discussion
In a SYN flood attack, the attacker sends a continuous stream of SYN packets to a server, and the server leaves the half-open connections open until it is overwhelmed and no longer is able to respond to legitimate requests.
Check Content
Fix Text
Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> “MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is the default)” to “3” or less.
Additional Identifiers
Rule ID: SV-29371r1_rule
Vulnerability ID: V-4438
Group Title:
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-002385 |
Protect against or limit the effects of organization-defined types of denial-of-service events. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| SC-5 |
Denial of Service Protection |