V-38539: The system must be configured to use TCP syncookies when experiencing a TCP SYN flood.
-----------------------------------------------------------------------------------------------

A TCP SYN flood attack can cause a denial of service by filling a system's TCP
connection table with connections in the SYN_RCVD state. Syncookies can be
used to track a connection when a subsequent ACK is received, verifying the
initiator is attempting a valid connection and is not a flood source. This
feature is activated when a flood condition is detected, and enables the
system to continue servicing valid connection requests.

Details: `V-38539 in STIG Viewer`_.

.. _V-38539 in STIG Viewer: https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/2015-05-26/finding/V-38539

Notes for deployers
~~~~~~~~~~~~~~~~~~~

.. include:: developer-notes/V-38539.rst