[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-91175-0

Platform: cpe:/o:ubuntu:ubuntu_linux:14.04Date: (C)2017-03-14   (M)2023-07-04



Enable TCP SYN Cookies (Scored) When tcp_syncookies is set, the kernel will handle TCP SYN packets normally until the half-open connection queue is full, at which time, the SYN cookie functionality kicks in. SYN cookies work by not using the SYN queue at all. Instead, the kernel simply replies to the SYN with a SYN|ACK, but will include a specially crafted TCP sequence number that encodes the source and destination IP address and port number and the time the packet was sent. A legitimate connection would send the ACK packet of the three way handshake with the specially crafted sequence number. This allows the server to verify that it has received a valid response to a SYN cookie and allow the connection, even though there is no corresponding SYN in the queue.


Parameter:

[enable/disable]


Technical Mechanism:

Attackers use SYN flood attacks to perform a denial of service attacked on a server by sending many SYN packets without completing the three way handshake. This will quickly use up slots in the kernel's half-open connection queue and prevent legitimate connections from succeeding. SYN cookies allow the server to keep accepting valid connections, even if under a denial of service attack. Fix: Set the net.ipv4.tcp_syncookies parameter to 1 in /etc/sysctl.conf: net.ipv4.tcp_syncookies=1 Modify active kernel parameters to match: # /sbin/sysctl -w net.ipv4.tcp_syncookies=1 # /sbin/sysctl -w net.ipv4.route.flush=1

CCSS Severity:CCSS Metrics:
CCSS Score : 8.2Attack Vector: NETWORK
Exploit Score: 3.9Attack Complexity: LOW
Impact Score: 4.2Privileges Required: NONE
Severity: HIGHUser Interaction: NONE
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:HScope: UNCHANGED
 Confidentiality: LOW
 Integrity: NONE
 Availability: HIGH
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:33894


OVAL    1
oval:org.secpod.oval:def:33894
XCCDF    1
xccdf_org.secpod_benchmark_general_Ubuntu_14_04

© SecPod Technologies