V-270754

Discussion

Denial of service (DoS) occurs when a resource is not available for legitimate users, resulting in the organization not being able to accomplish its mission or causing it to operate at degraded capacity. This requirement addresses the configuration of Ubuntu 24.04 LTS to mitigate the impact of DoS attacks that have occurred or are ongoing on system availability. For each system, known and potential DoS attacks must be identified and solutions for each type implemented. A variety of technologies exist to limit or, in some cases, eliminate the effects of DoS attacks (e.g., limiting processes or establishing memory partitions). Employing increased capacity and bandwidth, combined with service redundancy, may reduce the susceptibility to some DoS attacks.

Check Content

Verify an application firewall is configured to rate limit any connection to the system. 
 
Check all the services listening to the ports with the following command: 
 
$ ss -l46ut 
Netid               State          Recv-Q          Send-Q                               Local Address:Port            Peer Address:Port               Process                
tcp                 LISTEN               0                     511                                           *:http                                          *:* 
tcp                 LISTEN               0                     128                                           [::]:ssh                                        [::]:*
tcp                 LISTEN               0                     128                                           [::]:ipp                                        [::]:* 
tcp                 LISTEN               0                     128                                           [::]:smtp                                    [::]:*

 
For each entry, verify the Uncomplicated Firewall (ufw) is configured to rate limit the service ports with the following command: 
 
$ sudo ufw status 
Status: active 
 
To                           Action     From 
--                             ------         ---- 
80/tcp                    LIMIT       Anywhere
25/tcp                    LIMIT       Anywhere
Anywhere            DENY       177.60.7.4
443                           LIMIT      Anywhere       
22/tcp                     LIMIT      Anywhere    
80/tcp (v6)            LIMIT      Anywhere
25/tcp (v6)            LIMIT      Anywhere               
22/tcp (v6)            LIMIT      Anywhere (v6) 

25                             DENY OUT    Anywhere
25 (v6)                    DENY OUT    Anywhere (v6)

If any port with a state of "LISTEN" that does not have an action of "DENY", is not marked with the "LIMIT" action, this is a finding. If the Status is set to anything other than "active" this is a finding.