May 8th, 2009
Enabling Source Address Verification
Goal: prevent a remote host from spoofing incoming packets so that they appear to have come from the local machine.
Solution:
Turn on source address verification in the Linux kernel.
A quick method is to add this line to /etc/sysctl.conf:
net.ipv4.conf.all.rp_filter = 1
Then run the sysctl command (with -p, described below) to read the configuration.
DESCRIPTION
sysctl is used to modify kernel parameters at runtime. The parameters available are those listed under /proc/sys/. Procfs is required for sysctl support in Linux. You can use sysctl to both read and write sysctl data.
EXAMPLES
/sbin/sysctl -a
/sbin/sysctl -n kernel.hostname
/sbin/sysctl -w kernel.domainname="example.com"
/sbin/sysctl -p /etc/sysctl.conf
-w Use this option when you want to change a sysctl setting.
-p Load in sysctl settings from the file specified or /etc/sysctl.conf if none given. Specifying - as filename means reading data from standard input.
-a Display all values currently available.
-A Display all values currently available in table form.
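To confirm that the setting took effect on every interface, the shell functions below (an added example, not part of the original post) report the effective rp_filter mode per interface. For each interface the kernel uses the larger of conf/all/rp_filter and conf/<interface>/rp_filter; the function names and the optional CONF_ROOT argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: report the effective rp_filter mode for each interface.
# The kernel applies max(conf/all/rp_filter, conf/<iface>/rp_filter).
# CONF_ROOT is a parameter of this example (hypothetical name) so the
# functions can be pointed at a constructed test tree instead of /proc.

# effective_rp_filter IFACE [CONF_ROOT]
# Prints 0 (off), 1 (strict) or 2 (loose); fails if a value cannot be read.
effective_rp_filter() {
    iface=$1
    root=${2:-/proc/sys/net/ipv4/conf}
    all=$(cat "$root/all/rp_filter" 2>/dev/null) || return 1
    own=$(cat "$root/$iface/rp_filter" 2>/dev/null) || return 1
    if [ "$own" -gt "$all" ]; then echo "$own"; else echo "$all"; fi
}

# audit_rp_filter [CONF_ROOT]
# Prints one line per interface and returns non-zero if any interface
# ends up with source address verification switched off.
audit_rp_filter() {
    root=${1:-/proc/sys/net/ipv4/conf}
    rc=0
    for dir in "$root"/*/; do
        iface=$(basename "$dir")
        # "all" and "default" are settings templates, not interfaces.
        case $iface in all|default) continue ;; esac
        mode=$(effective_rp_filter "$iface" "$root") || continue
        case $mode in
            0) echo "$iface: rp_filter OFF (no source validation)"; rc=1 ;;
            1) echo "$iface: rp_filter strict" ;;
            2) echo "$iface: rp_filter loose" ;;
            *) echo "$iface: unexpected value $mode"; rc=1 ;;
        esac
    done
    return $rc
}
```

Source the file and call audit_rp_filter with no argument after running /sbin/sysctl -p to check the live system.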