The Juniper SRX Services Gateway must configure the control plane to protect against or limit the effects of common types of Denial of Service (DoS) attacks on the device itself by configuring applicable system options and internet-options.

From Juniper SRX SG NDM Security Technical Implementation Guide

Part of SRG-APP-000435-NDM-000315

Associated with: CCI-002385

SV-81031r1_rule The Juniper SRX Services Gateway must configure the control plane to protect against or limit the effects of common types of Denial of Service (DoS) attacks on the device itself by configuring applicable system options and internet-options.

Vulnerability discussion

DoS is a condition in which a resource is not available to legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity. Juniper SRX uses the system commands, system internet-options, and screens to mitigate the impact of DoS attacks on device availability.

Check content

Verify the system options are configured to protect against DoS attacks.

[edit]
show system
show system internet-options

If the system and system-options which limit the effects of common types of DoS attacks are not configured in compliance with DoD requirements, this is a finding.

Fix text

Configure the system and system-options to protect against DoS attacks.

[edit]
set system no-redirects
set system no-ping-record-route
set system no-ping-time-stamp
set system internet-options icmpv4-rate-limit packet-rate 50
set system internet-options icmpv6-rate-limit packet-rate 50
set system internet-options no-ipip-path-mtu-discovery
set system internet-options no-source-quench
set system internet-options tcp-drop-synfin-set
set system internet-options no-ipv6-path-mtu-discovery
set system internet-options no-tcp-reset drop-all-tcp
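The check content and fix text above can be turned into an automated compliance audit. The following Python script is an added example, not part of the STIG or of Junos; it compares a saved `show configuration system | display set` dump (the sample here is constructed, not real device output) against the exact set statements from the fix text and reports which are missing.

```python
import re
# Added example (not part of the STIG): audit a Junos 'display set' dump for
# the control-plane DoS settings required by this item. REQUIRED holds the
# 'set' statements from the Fix text above, verbatim.
REQUIRED = [
    "set system no-redirects",
    "set system no-ping-record-route",
    "set system no-ping-time-stamp",
    "set system internet-options icmpv4-rate-limit packet-rate 50",
    "set system internet-options icmpv6-rate-limit packet-rate 50",
    "set system internet-options no-ipip-path-mtu-discovery",
    "set system internet-options no-source-quench",
    "set system internet-options tcp-drop-synfin-set",
    "set system internet-options no-ipv6-path-mtu-discovery",
    "set system internet-options no-tcp-reset drop-all-tcp",
]

# Constructed sample of 'show configuration system | display set' output from
# a partially hardened device (not real device output).
SAMPLE_CONFIG = """\
set system host-name srx-lab
set system no-redirects
set system no-ping-record-route
set system internet-options icmpv4-rate-limit packet-rate 50
set system internet-options icmpv6-rate-limit packet-rate 1000
set system internet-options no-source-quench
set system internet-options tcp-drop-synfin-set
set system internet-options no-tcp-reset drop-all-tcp
"""

def normalize(line):
    """Collapse runs of whitespace so spacing differences do not cause false findings."""
    return re.sub(r"\s+", " ", line.strip())

def audit(display_set_text):
    """Return the required statements absent from the dump, in Fix-text order.
    A rate-limit line with a different packet-rate counts as missing."""
    present = {normalize(ln) for ln in display_set_text.splitlines() if ln.strip()}
    return [stmt for stmt in REQUIRED if stmt not in present]

def is_finding(display_set_text):
    """STIG semantics: any missing statement makes this item a finding."""
    return bool(audit(display_set_text))

if __name__ == "__main__":
    for stmt in audit(SAMPLE_CONFIG):
        print("MISSING:", stmt)
    print("finding" if is_finding(SAMPLE_CONFIG) else "compliant")
```

On the constructed sample the audit flags four missing statements, including the icmpv6 rate limit whose packet-rate differs from the required value of 50.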
