SV-216604r531085_rule
V-216604
SRG-NET-000362-RTR-000117
CISC-RT-000560
CAT II
10
Configure the router to use the maximum prefixes feature to protect against route table flooding and prefix de-aggregation attacks as shown in the example below.
R1(config)#router bgp xx
R1(config-router)#neighbor x.1.1.9 maximum-prefix nnnnnnn
R1(config-router)#neighbor x.2.1.7 maximum-prefix nnnnnnn
Review the router configuration to verify that the number of received prefixes from each eBGP neighbor is controlled.
router bgp xx
neighbor x.1.1.9 remote-as yy
neighbor x.1.1.9 maximum-prefix nnnnnnn
neighbor x.2.1.7 remote-as zz
neighbor x.2.1.7 maximum-prefix nnnnnnn
If the router is not configured to control the number of prefixes received from each peer to protect against route table flooding and prefix de-aggregation attacks, this is a finding.
V-216604
False
CISC-RT-000560
Review the router configuration to verify that the number of received prefixes from each eBGP neighbor is controlled.
router bgp xx
neighbor x.1.1.9 remote-as yy
neighbor x.1.1.9 maximum-prefix nnnnnnn
neighbor x.2.1.7 remote-as zz
neighbor x.2.1.7 maximum-prefix nnnnnnn
If the router is not configured to control the number of prefixes received from each peer to protect against route table flooding and prefix de-aggregation attacks, this is a finding.
M
4027