The MSDP router must be configured to limit the amount of source-active messages it accepts on per-peer basis.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| low | V-207105 | SRG-NET-000018 | SRG-NET-000018-RTR-000009 | SV-207105r1137903_rule | 2025-09-10 | 5 |
Description
To reduce any risk of a denial-of-service (DoS) attack from a rogue or misconfigured MSDP router, the router must be configured to limit the number of source-active messages it accepts from each peer.
This requirement also applies to Zero Trust initiatives.
ℹ️ Check
Review the router configuration to determine if it is configured to limit the amount of source-active messages it accepts on a per-peer basis.
If the router is not configured to limit the source-active messages it accepts, this is a finding.
✔️ Fix
Configure the MSDP router to limit the amount of source-active messages it accepts from each peer.