[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-95058-4

Platform: cpe:/o:debian:debian_linux:11.x, cpe:/o:ubuntu:ubuntu_linux:20.04, cpe:/o:ubuntu:ubuntu_linux:22.04, cpe:/o:ubuntu:ubuntu_linux:23.04Date: (C)2020-10-15   (M)2023-09-01



When tcp_syncookies is set, the kernel will handle TCP SYN packets normally until the half-open connection queue is full, at which time, the SYN cookie functionality kicks in. SYN cookies work by not using the SYN queue at all. Instead, the kernel simply replies to the SYN with a SYN|ACK, but will include a specially crafted TCP sequence number that encodes the source and destination IP address and port number and the time the packet was sent. A legitimate connection would send the ACK packet of the three way handshake with the specially crafted sequence number. This allows the server to verify that it has received a valid response to a SYN cookie and allow the connection, even though there is no corresponding SYN in the queue. Rationale: Attackers use SYN flood attacks to perform a denial of service attacked on a server by sending many SYN packets without completing the three way handshake. This will quickly use up slots in the kernels half-open connection queue and prevent legitimate connections from succeeding. SYN cookies allow the server to keep accepting valid connections, even if under a denial of service attack. Fix: Set the net.ipv4.tcp_syncookies parameter to 1 in /etc/sysctl.conf and run sysctl -p command: net.ipv4.tcp_syncookies=1 Modify active kernel parameters to match: # /sbin/sysctl -w net.ipv4.tcp_syncookies=1 # /sbin/sysctl -w net.ipv4.route.flush=1


Parameter:

[yes/no]


Technical Mechanism:

Set the net.ipv4.tcp_syncookies parameter to 1 in /etc/sysctl.conf: net.ipv4.tcp_syncookies=1 Modify active kernel parameters to match: # /sbin/sysctl -w net.ipv4.tcp_syncookies=1 # /sbin/sysctl -w net.ipv4.route.flush=1

CCSS Severity:CCSS Metrics:
CCSS Score : 8.2Attack Vector: NETWORK
Exploit Score: 3.9Attack Complexity: LOW
Impact Score: 4.2Privileges Required: NONE
Severity: HIGHUser Interaction: NONE
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:HScope: UNCHANGED
 Confidentiality: LOW
 Integrity: NONE
 Availability: HIGH
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:87334
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:85134
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:92248
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:66007


OVAL    4
oval:org.secpod.oval:def:92248
oval:org.secpod.oval:def:66007
oval:org.secpod.oval:def:85134
oval:org.secpod.oval:def:87334
...
XCCDF    7
xccdf_org.secpod_benchmark_NIST_800_53_r5_Debain_11
xccdf_org.secpod_benchmark_general_Ubuntu_23.04
xccdf_org.secpod_benchmark_NIST_800_53_r5_Debian_11
xccdf_org.secpod_benchmark_general_Ubuntu_22.04
...

© SecPod Technologies