STIGQter: STIG Summary: Juniper Router RTR Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 12 Feb 2021:

The Juniper multicast Designated Router (DR) must be configured to limit the number of mroute states resulting from Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Host Membership Reports.

DISA Rule

SV-217091r639663_rule

Vulnerability Number

V-217091

Group Title

SRG-NET-000362-RTR-000122

Rule Version

JUNI-RT-000870

Severity

CAT II

CCI(s)

• CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

10

Fix Recommendation

Configure the DR on a global or interface basis to limit the number of mroute states resulting from IGMP or MLD membership reports.

[edit protocols igmp]
set interface ge-1/0/1.0 group-limit nnn

Check Contents

Review the DR configuration to verify that it is limiting the number of mroute states via IGMP or MLD.

protocols {
igmp {
interface ge-1/0/1.0 {
group-limit nnn;
}
}

If the DR is not limiting multicast join requests via IGMP or MLD, this is a finding.

Vulnerability Number

V-217091

Documentable

False

Rule Version

JUNI-RT-000870

Severity Override Guidance

Review the DR configuration to verify that it is limiting the number of mroute states via IGMP or MLD.

protocols {
igmp {
interface ge-1/0/1.0 {
group-limit nnn;
}
}

If the DR is not limiting multicast join requests via IGMP or MLD, this is a finding.

Check Content Reference

M

Target Key

4032

Comments