AOS must manage excess bandwidth to limit the effects of packet flooding types of denial-of-service (DoS) attacks.
Overview
Finding ID
Version
Rule ID
IA Controls
Severity
V-266591
ARBA-NT-000440
SV-266591r1040263_rule
Medium
Description
A network element experiencing a DoS attack will not be able to handle production traffic load. The high utilization and CPU caused by a DoS attack will also have an effect on control keep-alives and timers used for neighbor peering, resulting in route flapping, and will eventually sinkhole production traffic.
The device must be configured to contain and limit a DoS attack's effect on the device's resource utilization. The use of redundant components and load balancing are examples of mitigating "flood-type" DoS attacks through increased capacity.