[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] ICMP protocol
- Subject: Re: [cobalt-security] ICMP protocol
- From: Gareth Bromley <gbromley@xxxxxxxxxxx>
- Date: Mon, 23 Apr 2001 20:01:34 +0100
- Organization: Int* Consulting Ltd
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Markus Noeske wrote:
> has somebody dicovered problems with
> a ping-flood attack on cobalt raqs?
> how to block the icmp protocol on cobalt
> servers?
Number of tools:
- IPChains to firewall box
- sysctl to turn off kernel networking components (Place these in
/etc/sysctl.conf)
net.ipv4.icmp_echo_ignore_all = 1 # Ignore all ICMP Echo requests
net.ipv4.icmp_echo_ignore_broadcasts = 1 # Ignore OCMP broadcasts
net.ipv4.conf.all.accept_source_route = 0 # Ignore Source routed packets
net.ipv4.tcp_syncookies = 1 # Protection from SYN attacks
net.ipv4.conf.all.accept_redirects = 0 # Ignore ICMP redirects
net.ipv4.icmp_ignore_bogus_error_responses = 1 # Ignore ICMP Error
messages
Hope this helps,
--Gareth