Disable Source Routing:
The kernel parameter net.ipv4.conf.all.accept_source_route must be set to "0" (zero) to disallow source routing.
IP Forwarding:
The kernel parameter net.ipv4.ip_forward must be set to "0" (zero) to disallow IP Forwarding.
ICMP Broadcast Response:
The kernel parameter icmp_echo_ignore_broadcasts must be set to "1" (one).
SYN Flood Protection:
The kernel parameter net.ipv4.tcp_syncookies must be set to "1" (one) in order to defend against SYN flood attacks.
Reverse Path Filter:
The kernel parameter net.ipv4.conf.all.rp_filter must be set to "1" so that the network subsystem will validate source addresses against the routing table.
Accepting ICMP redirects:
The kernel parameter net.ipv4.conf.default.accept_redirects must be set to "0" so that the network subsystem will not accept ICMP redirects.
Sending ICMP Redirects:
The kernel parameters net.ipv4.conf.all.send_redirects and net.ipv4.conf.default.send_redirects must both be set to "0" so that the network subsystem will not send out ICMP redirects.
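
An added example, not part of the original post: a small audit that compares a file of "key = value" sysctl lines against the values required above and reports every deviation or missing key. The function name audit_sysctl and the sample input are made up for illustration, and the ICMP broadcast parameter is written with its full key, net.ipv4.icmp_echo_ignore_broadcasts.

```shell
#!/bin/sh
# Required values, copied from the checklist above (full sysctl key names).
REQUIRED='net.ipv4.conf.all.accept_source_route=0
net.ipv4.ip_forward=0
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.tcp_syncookies=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0'

# audit_sysctl FILE (hypothetical helper)
# FILE holds "key = value" lines, as printed by `sysctl -a` or written in
# /etc/sysctl.conf. Prints one line per deviation; returns 1 if any was found.
audit_sysctl() {
    file=$1
    bad=0
    for req in $REQUIRED; do
        key=${req%%=*}
        want=${req#*=}
        # Trim blanks around "="; the last assignment of a key wins.
        got=$(awk -F= -v k="$key" '
            { n = $1; v = $2; gsub(/[ \t]/, "", n); gsub(/[ \t]/, "", v) }
            n == k { r = v }
            END { print r }' "$file")
        if [ -z "$got" ]; then
            echo "MISSING $key (want $want)"; bad=1
        elif [ "$got" != "$want" ]; then
            echo "FAIL $key = $got (want $want)"; bad=1
        fi
    done
    return "$bad"
}

# Constructed sample input (not captured from a real host).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.ip_forward = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_redirects = 1
net.ipv4.conf.all.send_redirects = 0
EOF
audit_sysctl "$SAMPLE" || echo "sample deviates from the checklist"
```

To audit a running host, save the output of `sysctl -a` to a file and pass that file to the function.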