mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-07-08 14:58:29 +07:00
Code Issues Packages Projects Releases Wiki Activity

Clarify ICMP redirect acceptance and sending

Browse Source
This commit is contained in:
Raja Grewal
2024-07-17 14:58:30 +10:00
parent 824d9b82e5
commit 693b47e623
1 changed files with 11 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
usr/lib/sysctl.d/990-security-misc.conf
View File

@ -254,14 +254,20 @@ net.ipv4.conf.default.rp_filter=1
## Disable ICMP redirect acceptance and redirect sending messages. ## Disable ICMP redirect acceptance and redirect sending messages.
## Prevents man-in-the-middle attacks and minimises information disclosure. ## Prevents man-in-the-middle attacks and minimises information disclosure.
## ##
## https://askubuntu.com/questions/118273/what-are-icmp-redirects-and-should-they-be-blocked
##
net.ipv4.conf.all.accept_redirects=0 net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0 net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.all.secure_redirects=0
net.ipv4.conf.default.secure_redirects=0
net.ipv6.conf.all.accept_redirects=0
net.ipv6.conf.default.accept_redirects=0
net.ipv4.conf.all.send_redirects=0 net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0 net.ipv4.conf.default.send_redirects=0
net.ipv6.conf.all.accept_redirects=0
net.ipv6.conf.default.accept_redirects=0
## Accept ICMP redirect messages only for approved gateways.
## If ICMP redirect messages are permitted, only useful if managing a default gateway list.
##
net.ipv4.conf.all.secure_redirects=0
net.ipv4.conf.default.secure_redirects=0
## Ignore ICMP echo requests. ## Ignore ICMP echo requests.
## Prevents clock fingerprinting through ICMP timestamps and Smurf attacks. ## Prevents clock fingerprinting through ICMP timestamps and Smurf attacks.