[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] ICMP protocol

Subject: Re: [cobalt-security] ICMP protocol
From: Gareth Bromley <gbromley@xxxxxxxxxxx>
Date: Mon, 23 Apr 2001 20:01:34 +0100
Organization: Int* Consulting Ltd
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Markus Noeske wrote:
> has somebody dicovered problems with
> a ping-flood attack on cobalt raqs?
> how to block the icmp protocol on cobalt
> servers?

Number of tools:
- IPChains to firewall box
- sysctl to turn off kernel networking components (Place these in
/etc/sysctl.conf)

net.ipv4.icmp_echo_ignore_all = 1		# Ignore all ICMP Echo requests
net.ipv4.icmp_echo_ignore_broadcasts = 1	# Ignore OCMP broadcasts
net.ipv4.conf.all.accept_source_route = 0	# Ignore Source routed packets
net.ipv4.tcp_syncookies = 1			# Protection from SYN attacks
net.ipv4.conf.all.accept_redirects = 0		# Ignore ICMP redirects
net.ipv4.icmp_ignore_bogus_error_responses = 1	# Ignore ICMP Error
messages

Hope this helps,

--Gareth

References:
- [cobalt-security] ICMP protocol
  - From: Markus Noeske

Prev by Date: [cobalt-security] security issues -PLS READ!!
Next by Date: Re: [cobalt-security] Port 143 and Portsentry
Previous by thread: Re: [cobalt-security] ICMP protocol
Next by thread: [cobalt-security] ICMP protocol

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index