mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-02-23 21:26:20 +07:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #288 from raja-grewal/shared_media

Browse Source 
Deny sending and receiving shared media redirects
This commit is contained in:
Patrick Schleizer 2025-01-10 10:28:05 -05:00 committed by GitHub
commit 27d19ba568
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -102,8 +102,8 @@ Networking:
- Disable ICMP redirect acceptance and redirect sending messages to prevent - Disable ICMP redirect acceptance and redirect sending messages to prevent
man-in-the-middle attacks and minimize information disclosure. man-in-the-middle attacks and minimize information disclosure.
- Optional - Deny sending and receiving shared media redirects to reduce - Deny sending and receiving shared media redirects to reduce the risk of IP
the risk of IP spoofing attacks. spoofing attacks.
- Optional - Enable ARP filtering to mitigate some ARP spoofing and ARP - Optional - Enable ARP filtering to mitigate some ARP spoofing and ARP
cache poisoning attacks. cache poisoning attacks.

2
usr/lib/sysctl.d/990-security-misc.conf
View File

@ -451,7 +451,7 @@ net.ipv6.conf.*.accept_redirects=0
## https://datatracker.ietf.org/doc/html/rfc1620 ## https://datatracker.ietf.org/doc/html/rfc1620
## https://www.frozentux.net/ipsysctl-tutorial/chunkyhtml/theconfvariables.html ## https://www.frozentux.net/ipsysctl-tutorial/chunkyhtml/theconfvariables.html
## ##
#net.ipv4.conf.*.shared_media=0 net.ipv4.conf.*.shared_media=0
## Enable ARP (Address Resolution Protocol) filtering. ## Enable ARP (Address Resolution Protocol) filtering.
## Prevents the Linux kernel from handling the ARP table globally ## Prevents the Linux kernel from handling the ARP table globally