mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-23 01:13:40 +07:00
Show details regarding secure_redirects
(again)
This commit is contained in:
parent
88c88187f2
commit
1445457626
@ -72,7 +72,8 @@ Various networking components of the TCP/IP stack are hardened for IPv4/6.
|
||||
from all interfaces to prevent IP spoofing.
|
||||
|
||||
- Disable ICMP redirect acceptance and redirect sending messages to
|
||||
prevent man-in-the-middle attacks and minimize information disclosure.
|
||||
prevent man-in-the-middle attacks and minimize information disclosure. If
|
||||
ICMP redirect messages are permitted, only do so from approved gateways.
|
||||
|
||||
- Ignore ICMP echo requests to prevent clock fingerprinting and Smurf attacks.
|
||||
|
||||
|
@ -272,6 +272,12 @@ net.ipv4.conf.default.send_redirects=0
|
||||
net.ipv6.conf.all.accept_redirects=0
|
||||
net.ipv6.conf.default.accept_redirects=0
|
||||
|
||||
## Accept ICMP redirect messages only for approved gateways.
|
||||
## If ICMP redirect messages are permitted, only useful if managing a default gateway list.
|
||||
##
|
||||
net.ipv4.conf.all.secure_redirects=1
|
||||
net.ipv4.conf.default.secure_redirects=1
|
||||
|
||||
## Ignore ICMP echo requests.
|
||||
## Prevents clock fingerprinting through ICMP timestamps and Smurf attacks.
|
||||
##
|
||||
|
Loading…
Reference in New Issue
Block a user