also sprach Bernhard R. Link <[EMAIL PROTECTED]> [2008.12.05.1207 +0100]: > 1) moving sysctl invocation later might open some subtile > problems. For example moving things like > net.ipv4.conf.all.accept_redirects = 0 after network > initialisation might open up a window for attacks.
The key you mention should thus be disabled by default, ideally in the kernel. Same goes for all other settings that have no real-world use anymore. > Or some of the arp related stuff, that might break in more complex > settings when in the short time the wrong packages are received. Like what? -- .''`. martin f. krafft <[EMAIL PROTECTED]> : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info `- Debian - when you have better things to do than fixing systems
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)