STIGQter STIGQter: STIG Summary: Juniper Router RTR Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 25 Oct 2019: The Juniper multicast Designated Router (DR) must be configured to limit the number of mroute states resulting from Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Host Membership Reports.

DISA Rule

SV-101175r1_rule

Vulnerability Number

V-90965

Group Title

SRG-NET-000362-RTR-000122

Rule Version

JUNI-RT-000870

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the DR on a global or interface basis to limit the number of mroute states resulting from IGMP or MLD membership reports.

[edit protocols igmp]
set interface ge-1/0/1.0 group-limit nnn

Check Contents

Review the DR configuration to verify that it is limiting the number of mroute states via IGMP or MLD.

protocols {
igmp {
interface ge-1/0/1.0 {
group-limit nnn;
}
}

If the DR is not limiting multicast join requests via IGMP or MLD, this is a finding.

Vulnerability Number

V-90965

Documentable

False

Rule Version

JUNI-RT-000870

Severity Override Guidance

Review the DR configuration to verify that it is limiting the number of mroute states via IGMP or MLD.

protocols {
igmp {
interface ge-1/0/1.0 {
group-limit nnn;
}
}

If the DR is not limiting multicast join requests via IGMP or MLD, this is a finding.

Check Content Reference

M

Target Key

3387

Comments