Disable ICMP Redirect and Enable IP Spoofing Protection

Disable ICMP Redirect and Enable IP Spoofing Protection

ICMP redirects are used by routers to tell the server that there is a better path to other networks than the one chosen by the server.

However, an intruder could potentially use ICMP redirect packets to alter the hosts’s routing table by causing traffic to use a path you didn’t intend.

To disable ICMP Redirect Acceptance, edit the /etc/sysctl.conf file and add the following line:

net.ipv4.conf.all.accept_redirects = 0

# Do not accept ICMP redirects (prevent MITM attacks)

net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0

Enable IP Spoofing Protection

IP spoofing is a technique where an intruder sends out packets which claim to be from another host by manipulating the source address. IP spoofing is very often used for denial of service attacks.

To enable IP Spoofing Protection, turn on Source Address Verification.

Edit the /etc/sysctl.conf file and add the following line:

net.ipv4.conf.all.rp_filter = 1

Tags: , , , , , ,

Trackback URI | Comments RSS

Leave a Reply

You must be logged in to post a comment.