STIGQter: STIG Summary: A10 Networks ADC ALG Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The A10 Networks ADC must protect against ICMP-based Denial of Service (DoS) attacks by employing ICMP Rate Limiting.

DISA Rule

SV-237062r639633_rule

Vulnerability Number

V-237062

Group Title

SRG-NET-000362-ALG-000112

Rule Version

AADC-AG-000155

Severity

CAT I

CCI(s)

• CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

10

Fix Recommendation

The following command configures ICMP rate limiting:
icmp-rate-limit [normal-rate] lockup [max-rate] [lockup-time]

Check Contents

Review the device configuration.

The following command displays the device configuration and filters the output on the string "icmp-rate-limit":
show run | inc icmp-rate-limit

If ICMP rate limiting is not configured, this is a finding.

If no lockout period and maximum rates are configured as an action, this is a finding.

Vulnerability Number

V-237062

Documentable

False

Rule Version

AADC-AG-000155

Severity Override Guidance

Review the device configuration.

The following command displays the device configuration and filters the output on the string "icmp-rate-limit":
show run | inc icmp-rate-limit

If ICMP rate limiting is not configured, this is a finding.

If no lockout period and maximum rates are configured as an action, this is a finding.

Check Content Reference

M

Target Key

5285

Comments