Clarify ICMP redirect acceptance and sending

Raja Grewal 2024-07-17 14:58:30 +10:00
parent 824d9b82e5
commit 693b47e623
No known key found for this signature in database
GPG Key ID: 92CA473C156B64C4


@ -252,16 +252,22 @@ net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.rp_filter=1
## Disable ICMP redirect acceptance and redirect sending messages.
## Prevents man-in-the-middle attacks and minimises information disclosure.
## Prevents man-in-the-middle attacks and minimises information disclosure.
##
## https://askubuntu.com/questions/118273/what-are-icmp-redirects-and-should-they-be-blocked
##
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.all.secure_redirects=0
net.ipv4.conf.default.secure_redirects=0
net.ipv6.conf.all.accept_redirects=0
net.ipv6.conf.default.accept_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0
net.ipv6.conf.all.accept_redirects=0
net.ipv6.conf.default.accept_redirects=0
## Accept ICMP redirect messages only for approved gateways.
## If ICMP redirect messages are permitted, only useful if managing a default gateway list.
##
net.ipv4.conf.all.secure_redirects=0
net.ipv4.conf.default.secure_redirects=0
## Ignore ICMP echo requests.
## Prevents clock fingerprinting through ICMP timestamps and Smurf attacks.
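Review bot: The comment introduced above the two secure_redirects lines near the end of the hunk, "## Accept ICMP redirect messages only for approved gateways.", describes what the setting does when it is enabled, while both lines set it to 0. Someone auditing the file could read the comment as the configured behaviour. Suggest phrasing it as the action taken, for example "## Disable acceptance of secure ICMP redirect messages (redirects from gateways in the default gateway list)." The second comment line already says the setting only matters if redirects are permitted. Because net.ipv4.conf.all.accept_redirects=0 and net.ipv4.conf.default.accept_redirects=0 are set a few lines earlier in the same hunk, it would also help to state that these two lines only take effect if accept_redirects is later re-enabled, so the reason for keeping them is on record.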