STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated just now
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Nokia Service Router OS 25.x Router Security Technical Implementation Guide

V-283834

CAT III (Low)

The Nokia Multicast Source Discovery Protocol (MSDP) router must be configured to limit the amount of source-active messages it accepts on a per-peer basis.

Rule ID

SV-283834r1203751_rule

STIG

Nokia Service Router OS 25.x Router Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001368

Discussion

To reduce any risk of a denial-of-service (DoS) attack from a rogue or misconfigured MSDP router, the router must be configured to limit the number of source-active messages it accepts from each peer.

Check Content

Review the Nokia router configuration to determine if the "SA Limit" has been configured to limit the number of source-active messages it accepts on a per-peer basis.

Verify the source-active limit, as shown in the example below: 

- show router msdp status | match "SA Limit"
    SA Limit                      : 2
    SA Limit Excd                 : 0

If the router is not configured to limit the source-active messages it accepts, this is a finding.

Fix Text

Configure the MSDP router to limit the amount of source-active messages it accepts from each peer.

Configure the active-source limit, as shown in the example below: 

- configure router msdp active-source-limit 2