blob: 0f226a847b30ed31e751194e430de19454b0edb7 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
---
upgrade:
- The net.ipv4.conf.default.send_redirects & net.ipv4.conf.all.send_redirects
are now set to 0 to prevent a compromised host from sending invalid ICMP
redirects to other router devices.
- The net.ipv4.conf.default.accept_redirects,
net.ipv6.conf.default.accept_redirects & net.ipv6.conf.all.accept_redirects
are now set to 0 to prevent forged ICMP packet from altering host's routing
tables.
- The net.ipv4.conf.default.secure_redirects &
net.ipv4.conf.all.secure_redirects are now set to 0 to disable acceptance
of secure ICMP redirected packets.
security:
- Invalide ICMP redirects may corrupt routing and have users access a system
set up by the attacker as opposed to a valid system.
- Routing tables may be altered by bogus ICMP redirect messages and send
packets to incorrect networks.
- Secure ICMP redirects are the same as ICMP redirects, except they come from
gateways listed on the default gateway list.
|