
The system must set maximum number of half-open TCP connections to 4096.

An XCCDF Rule

Description

This setting controls how many half-open connections can exist for a TCP port. It is necessary to control the number of completed connections to the system to provide some protection against denial of service attacks.

ID
SV-216378r959010_rule
Version
SOL-11.1-050110
Severity
Medium
References
Updated

Remediation Templates

A Manual Procedure

The Network Management profile is required.

Configure maximum TCP connections for IPv4 and IPv6.

# pfexec ipadm set-prop -p _conn_req_max_q0=4096 tcp
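
To confirm the remediation took effect, the following added example (not part of the original rule text) audits the CURRENT value of the property against the required 4096. It assumes the table printed by `ipadm show-prop -p _conn_req_max_q0 tcp`, which this page does not show; the sample rows are constructed, and the function name and exit codes are this example's own.

```shell
#!/bin/sh
# Added example: audit the TCP half-open queue limit from `ipadm show-prop` output.
REQUIRED=4096

# Constructed sample (not captured from a real host): an unremediated system.
SAMPLE_UNSET='PROTO PROPERTY          PERM CURRENT  PERSISTENT DEFAULT POSSIBLE
tcp   _conn_req_max_q0  rw   128      --         128     1-4294967295'

# Reads the show-prop table on stdin and prints a verdict.
# Returns 0 = compliant, 1 = finding, 2 = property row or CURRENT column missing.
check_conn_req_max_q0() {
    awk -v want="$REQUIRED" '
        # Header row: map column names to positions rather than hard-coding them.
        $1 == "PROTO" { for (i = 1; i <= NF; i++) col[$i] = i; next }
        $1 == "tcp" && $2 == "_conn_req_max_q0" {
            if ("CURRENT" in col)    cur = $(col["CURRENT"])
            if ("PERSISTENT" in col) per = $(col["PERSISTENT"])
        }
        END {
            if (cur == "") { print "ERROR: _conn_req_max_q0 not found"; exit 2 }
            if (cur != want) {
                print "FINDING: current=" cur " required=" want; exit 1
            }
            print "PASS: current=" cur " persistent=" per
        }'
}

# Use the live table when ipadm exists (Solaris), else the constructed sample.
if command -v ipadm >/dev/null 2>&1; then
    ipadm show-prop -p _conn_req_max_q0 tcp | check_conn_req_max_q0 && rc=0 || rc=$?
else
    printf '%s\n' "$SAMPLE_UNSET" | check_conn_req_max_q0 && rc=0 || rc=$?
fi
echo "exit status: $rc"
```

The verdict is based on the CURRENT column only; the PERSISTENT value is printed alongside so a mismatch between the two is visible in the output.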