Markus Noeske wrote:
> has somebody dicovered problems with
> a ping-flood attack on cobalt raqs?
> how to block the icmp protocol on cobalt
> servers?
Number of tools:
- IPChains to firewall box
- sysctl to turn off kernel networking components (Place these in
/etc/sysctl.conf)
net.ipv4.icmp_echo_ignore_all = 1 # Ignore all ICMP Echo requests
net.ipv4.icmp_echo_ignore_broadcasts = 1 # Ignore OCMP broadcasts
net.ipv4.conf.all.accept_source_route = 0 # Ignore Source routed packets
net.ipv4.tcp_syncookies = 1 # Protection from SYN attacks
net.ipv4.conf.all.accept_redirects = 0 # Ignore ICMP redirects
net.ipv4.icmp_ignore_bogus_error_responses = 1 # Ignore ICMP Error
messages
Hope this helps,
--Gareth
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
