STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated just now
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Nokia Service Router OS 25.x Router Security Technical Implementation Guide

V-283874

CAT II (Medium)

The Nokia Multicast Source Discovery Protocol (MSDP) router must be configured to authenticate all received MSDP packets.

Rule ID

SV-283874r1203871_rule

STIG

Nokia Service Router OS 25.x Router Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001958

Discussion

MSDP peering with customer network routers presents additional risks to the Defense Information Systems Network (DISN) core, whether from a rogue or misconfigured MSDP-enabled router. MSDP password authentication is used to validate each segment sent on the Transmission Control Protocol (TCP) connection between MSDP peers, protecting the MSDP session against the threat of spoofed packets being injected into the TCP connection stream.

Check Content

Review the router configuration to determine if received MSDP packets are authenticated.

Verify "Auth Status" is enabled using the command below:

- show router msdp peer 2.2.2.2 detail | match "Auth Status"
Auth Status        : Enabled

If the router does not require MSDP authentication, this is a finding.

Fix Text

Configure the MSDP router to authenticate all MSDP packets received, as shown in the example below:

- configure router msdp peer 1.1.1.1 authentication-key pass123