STIGQter: STIG Summary: Juniper Router RTR Security Technical Implementation Guide
Version: 1 Release: 3 Benchmark Date: 25 Oct 2019

The Juniper Multicast Source Discovery Protocol (MSDP) router must be configured to limit the amount of source-active messages it accepts on per-peer basis.

DISA Rule

SV-101187r1_rule

Vulnerability Number

V-90977

Group Title

SRG-NET-000018-RTR-000009

Rule Version

JUNI-RT-000930

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the router to limit the amount of source-active messages it accepts from each peer.

[edit protocols msdp group AS25 peer x.x.x.x]
set active-source-limit maximum nnn

Check Contents

Review the router configuration to determine if it is configured to limit the amount of source-active messages it accepts on a per-peer basis.

protocols {
    msdp {
        export SA_EXPORT;
        import SA_IMPORT;
        group AS25 {
            peer x.x.x.x {
                active-source-limit {
                    maximum nnn;
                }
            }
        }
    }
}

If the router is not configured to limit the source-active messages it accepts, this is a finding.
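
One way to automate this check over saved configurations, as an added example that is not part of the STIG or of Juniper's tooling. The function names, peer addresses and limit values are constructed for illustration; the script assumes brace-format configuration text, looks only at peers under protocols msdp (directly or inside a group), and treats a deactivated (inactive:) limit as missing.

```python
import re

# Constructed, condensed sample config (addresses are documentation-range placeholders).
SAMPLE = """
protocols { msdp { group AS25 {
    peer 192.0.2.1 { active-source-limit { maximum 500; } }
    peer 192.0.2.2 { local-address 192.0.2.254; }
    peer 192.0.2.3;
} } }
"""
TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|#[^\n]*|[{};]|[^\s{};]+', re.S)

def parse(text):
    """Parse brace-style Junos config into nested dicts (leaf statements map to None)."""
    root = {}
    stack, words = [root], []
    for tok in TOKEN.findall(text):
        if tok.startswith(("#", "/*")):      # skip comments and annotations
            continue
        if tok == "{":                       # words so far name a new block
            stack.append(stack[-1].setdefault(" ".join(words), {}))
        elif tok == "}":
            if len(stack) > 1:               # tolerate a stray closing brace
                stack.pop()
        elif tok == ";":                     # words so far form a leaf statement
            stack[-1][" ".join(words)] = None
        else:
            words.append(tok)
            continue
        words = []
    return root

def msdp_peers_without_limit(config_text):
    """Return MSDP peers lacking 'active-source-limit { maximum <n>; }'."""
    msdp = (parse(config_text).get("protocols") or {}).get("msdp") or {}
    findings = []
    def visit(node, path):
        for key, child in node.items():
            child = child or {}              # 'peer a.b.c.d;' has no sub-statements
            if key.startswith("peer "):
                limit = child.get("active-source-limit") or {}
                if not any(re.fullmatch(r"maximum \d+", k) for k in limit):
                    findings.append(path + key)
            elif key.startswith("group "):
                visit(child, path + key + " ")
    visit(msdp, "")
    return findings
```

Each string returned names a peer that would be a finding under this rule; an empty list means every configured peer carries a numeric maximum.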

Documentable

False

Check Content Reference

M

Target Key

3387

Comments