STIGQter: STIG Summary: Juniper Router RTR Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 12 Feb 2021

The Juniper Multicast Source Discovery Protocol (MSDP) router must be configured to use its loopback address as the source address when originating MSDP traffic.

DISA Rule

SV-217098r639663_rule

Vulnerability Number

V-217098

Group Title

SRG-NET-000512-RTR-000011

Rule Version

JUNI-RT-000940

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the router to use its loopback address as the source address when sending MSDP packets.

[edit protocols msdp]
set group AS_5 peer 5.5.5.5 local-address 2.2.2.2

Check Contents

Review the router configuration to verify that a loopback address has been configured.

interfaces {
    lo0 {
        unit 0 {
            family inet {
                address 2.2.2.2/32;
            }
        }
    }
}

Verify that the loopback interface is used as the source address for all MSDP packets generated by the router.

protocols {
    msdp {
        group AS25 {
            peer 5.5.5.5 {
                local-address 2.2.2.2;
            }
        }
    }
}

If the router does not use its loopback address as the source address when originating MSDP traffic, this is a finding.
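
The two review steps above can be automated. The following is an added example, not part of the STIG or of any Juniper tooling: it parses curly-brace configuration text (as printed by show configuration), collects the IPv4 addresses on lo0, and lists every MSDP peer whose effective local-address is missing or is not one of them. The function names are hypothetical, the addresses 10.1.12.2 and 6.6.6.6 are constructed sample values, and the script assumes a peer without its own local-address inherits one set at the group or global MSDP level.

```python
import ipaddress
import re

def parse_junos(text):
    """Parse curly-brace Junos configuration text into nested dicts keyed by statement."""
    root = {}
    stack, name = [root], ""
    for tok in re.findall(r"[{};]|[^{};]+", text):
        if tok == "{":                      # statement opens a sub-hierarchy
            stack.append(stack[-1].setdefault(name, {}))
        elif tok == ";":                    # leaf statement
            stack[-1].setdefault(name, {})
        elif tok == "}":
            if len(stack) > 1:
                stack.pop()
        else:
            name = " ".join(tok.split())    # normalise whitespace in the statement
    return root

def children(node, keyword):
    """Return (argument, subtree) pairs for statements that start with keyword."""
    return [(n.partition(" ")[2], sub) for n, sub in node.items()
            if n.partition(" ")[0] == keyword]

def loopback_addresses(cfg):
    """Collect the IPv4 addresses configured on lo0, without the prefix length."""
    lo0 = cfg.get("interfaces", {}).get("lo0", {})
    return {str(ipaddress.ip_interface(arg).ip)
            for _, unit in children(lo0, "unit")
            for arg, _ in children(unit.get("family inet", {}), "address")}

def local_address(node, inherited=None):
    """local-address set directly under node, else the inherited value."""
    return next((arg for arg, _ in children(node, "local-address")), inherited)

def msdp_findings(text):
    """Return (group, peer, source) for every MSDP peer not sourced from lo0."""
    cfg = parse_junos(text)
    loopbacks = loopback_addresses(cfg)
    msdp = cfg.get("protocols", {}).get("msdp", {})
    # Assumption: a peer without local-address inherits the group, then the global value.
    top = local_address(msdp)
    scopes = [("", msdp, top)]
    scopes += [(g, sub, local_address(sub, top)) for g, sub in children(msdp, "group")]
    return [(group, peer, local_address(sub, inherited))
            for group, node, inherited in scopes
            for peer, sub in children(node, "peer")
            if local_address(sub, inherited) not in loopbacks]

# Constructed samples: the page's configuration, and a variant with two non-compliant peers.
LO0 = "interfaces { lo0 { unit 0 { family inet { address 2.2.2.2/32; } } } }\n"
COMPLIANT = LO0 + "protocols { msdp { group AS25 { peer 5.5.5.5 { local-address 2.2.2.2; } } } }"
NONCOMPLIANT = LO0 + ("protocols { msdp { group AS25 { "
                      "peer 5.5.5.5 { local-address 10.1.12.2; } peer 6.6.6.6; } } }")
```

An empty result from msdp_findings means no finding; each returned tuple names a group, a peer and the source address in effect (None when no local-address applies). Comments, annotations and inactive: markers in the configuration are not handled.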

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4032
