/proc/sys/net/ipv4/conf/all/send_redirects

**joseph** · 2010-07-02 09:17 AM

/proc/sys/net/ipv4/conf/all/send_redirects explanation:

ICMP Redirects Send and Accept are by default enabled on most of the linux flavours including Debian, Ubuntu, Redhat Enterprise Linux, Suse Linux.
While ICMP Redirects are not the very efficient way to update a hosts Routing table of an optimal route to a target destination, it can cause serious security concerns where a hacker or attacker can send malicously crafted ICMP redirect messages and cause a Denial of Service attack on the network.

If ICMP Redirects are not used in the network for route updates and if the server is not acting as a Router or a Gateway (ICMP Redirect send only) then ICMP Redirect send and accepts should be disabled on the server.

For IPv4, you can run the following two commands:

Code:

server# echo 0 > /proc/sys/net/ipv4/conf/eth0/accept_redirects
server# echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects

Thread: /proc/sys/net/ipv4/conf/all/send_redirects

LinkBack

Thread Tools

Display

/proc/sys/net/ipv4/conf/all/send_redirects

Similar Threads

LWN: linux.conf.au is Live (OStatic)

Mandriva: apache-conf

Mandriva: apache-conf

OpenVZ: Meaning of /proc/user_beancounters

LXer: Linux Apache Dual Stacked IPv4 and IPv6 Configuration

Posting Permissions