STIGQter: STIG Summary: Router Security Requirements Guide Version: 4 Release: 2 Benchmark Date: 23 Apr 2021:

The Multicast Source Discovery Protocol (MSDP) router must be configured to only accept MSDP packets from known MSDP peers.

DISA Rule

SV-207170r604135_rule

Vulnerability Number

V-207170

Group Title

SRG-NET-000364

Rule Version

SRG-NET-000364-RTR-000116

Severity

CAT II

CCI(s)

• CCI-002403 - The information system only allows incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations.

Weight

10

Fix Recommendation

Ensure the receive path or interface filter for all MSDP routers only accepts MSDP packets from known MSDP peers.

Check Contents

Review the router configuration to determine if there is a receive path or interface filter to only accept MSDP packets from known MSDP peers.

If the router is not configured to only accept MSDP packets from known MSDP peers, this is a finding.

Vulnerability Number

V-207170

Documentable

False

Rule Version

SRG-NET-000364-RTR-000116

Severity Override Guidance

Review the router configuration to determine if there is a receive path or interface filter to only accept MSDP packets from known MSDP peers.

If the router is not configured to only accept MSDP packets from known MSDP peers, this is a finding.

Check Content Reference

M

Target Key

2917

Comments