Sunday, March 15, 2009

System Network Parameter Tuning (Part 5)

net.ipv4.conf.all.accept_redirects = 0

When disabled, this system will no longer accept ICMP Redirect messages. While these can occasionally be
legitimately used to temporarily patch an incorrect routing table on a host machine, malicious hosts can use them
to force packets through a sniffer or an invalid gateway. For hosts with correct routing tables, this type of packet only
has malicious uses. For hosts with incorrect routing tables, ignoring these packets will only
slightly impact network performance.
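
A check worth running after applying the setting, as an added example that is not part of the original post: per the kernel's ip-sysctl documentation, an interface with forwarding disabled accepts redirects if either the `all` value or its own value is 1, and an interface with forwarding enabled accepts them only if both are 1, so `all = 0` alone can leave a host interface exposed. The function names, interface names and sample values below are constructed for illustration.

```shell
#!/bin/sh
# audit_redirects [CONF_DIR]
# Prints the name of every interface that still effectively accepts ICMP
# redirects. CONF_DIR defaults to the live tree under /proc.
audit_redirects() {
    conf=${1:-/proc/sys/net/ipv4/conf}
    # A missing or unreadable value is treated as "accepting" (fail closed).
    all=$(cat "$conf/all/accept_redirects" 2>/dev/null || echo 1)
    for dir in "$conf"/*; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        case "$iface" in all|default) continue ;; esac
        own=$(cat "$dir/accept_redirects" 2>/dev/null || echo 1)
        fwd=$(cat "$dir/forwarding" 2>/dev/null || echo 0)
        accepts=0
        if [ "$fwd" = 1 ]; then
            # Forwarding interface: all AND interface value
            if [ "$all" = 1 ] && [ "$own" = 1 ]; then accepts=1; fi
        else
            # Host interface: all OR interface value
            if [ "$all" = 1 ] || [ "$own" = 1 ]; then accepts=1; fi
        fi
        if [ "$accepts" = 1 ]; then echo "$iface"; fi
    done
    return 0
}

# make_sample: builds a constructed tree (not real host data) laid out like
# /proc/sys/net/ipv4/conf and prints its path.
make_sample() {
    root=$(mktemp -d)
    # Fields: interface, accept_redirects, forwarding
    for spec in "all 0 0" "default 1 0" "eth0 1 0" "eth1 0 0" "eth2 1 1"; do
        set -- $spec
        mkdir -p "$root/$1"
        echo "$2" > "$root/$1/accept_redirects"
        echo "$3" > "$root/$1/forwarding"
    done
    echo "$root"
}

# Run against the constructed tree: eth0 is reported even though all = 0.
sample=$(make_sample)
audit_redirects "$sample"
rm -rf "$sample"
```

Called with no argument, `audit_redirects` reads the live values under /proc/sys/net/ipv4/conf; any interface it prints also needs its own `accept_redirects` set to 0.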
