The RUCKUS ICX router must employ organization-defined controls by type of denial of service (DoS) to achieve the DoS objective.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-273669	SRG-NET-000705-RTR-000110	RCKS-RTR-001060	SV-273669r1111074_rule	2025-06-03	1

Description
DoS events may occur due to a variety of internal and external causes, such as an attack by an adversary or a lack of planning to support organizational needs with respect to capacity and bandwidth. Such attacks can occur across a wide range of network protocols (e.g., IPv4, IPv6). A variety of technologies are available to limit or eliminate the origination and effects of DoS events. For example, boundary protection devices can filter certain types of packets to protect system components on internal networks from being directly affected by or the source of DoS attacks. Employing increased network capacity and bandwidth combined with service redundancy also reduces the susceptibility to DoS events.

Description

DoS events may occur due to a variety of internal and external causes, such as an attack by an adversary or a lack of planning to support organizational needs with respect to capacity and bandwidth. Such attacks can occur across a wide range of network protocols (e.g., IPv4, IPv6). A variety of technologies are available to limit or eliminate the origination and effects of DoS events. For example, boundary protection devices can filter certain types of packets to protect system components on internal networks from being directly affected by or the source of DoS attacks. Employing increased network capacity and bandwidth combined with service redundancy also reduces the susceptibility to DoS events.

ℹ️ Check
Review configuration to determine whether distributed denial-of-service (DDoS) attack prevention is configured (values may vary): ICX#show running-config \| include burst ip icmp attack-rate burst-normal 500 burst-max 1000 lockup 300 ip tcp burst-normal 30 burst-max 100 lockup 300 If DSCP trust is required, verify it has been applied to the necessary interfaces. ICX# show running-config interface ethernet x/x/x interface ethernet x/x/x trust dscp If DDoS protection is not configured or Differentiated Services Code Point (DSCP) trust is required but not configured, this is a finding.

ℹ️ Check

Review configuration to determine whether distributed denial-of-service (DDoS) attack prevention is configured (values may vary): ICX#show running-config | include burst ip icmp attack-rate burst-normal 500 burst-max 1000 lockup 300 ip tcp burst-normal 30 burst-max 100 lockup 300 If DSCP trust is required, verify it has been applied to the necessary interfaces. ICX# show running-config interface ethernet x/x/x interface ethernet x/x/x trust dscp If DDoS protection is not configured or Differentiated Services Code Point (DSCP) trust is required but not configured, this is a finding.

✔️ Fix
Configure DDoS protection (values may vary): ICX(config)#ip icmp attack-rate burst-normal 500 burst-max 1000 lockup 300 ICX(config)#ip tcp burst-normal 30 burst-max 100 lockup 300 If required, apply DSCP trust to applicable interfaces: ICX(config)# interface ethernet x/x/x ICX(config-if-e1000-x/x/x)# trust dscp