The guide is here:
http://www.securityfocus.com/infocus/1385
It is specifically about tuning your network settings to prevent network-based attacks. For example:
Worried about ARP attacks:
# ndd -set /dev/arp arp_cleanup_interval <interval_ms>
# ndd -set /dev/ip ip_ire_flush_interval <interval_ms>
How about IP forwarding or source routing?
# ndd -set /dev/ip ip_forwarding 0
# ndd -set /dev/ip ip_strict_dst_multihoming 1
# ndd -set /dev/ip ip_forward_directed_broadcasts 0
# ndd -set /dev/ip ip_forward_src_routed 0
How about SYN floods? First you need to get a baseline of SYNs. Either of these commands will do:
# netstat -an -f inet | grep SYN_RCVD | wc -l
# netstat -s -P tcp
Then you need to read the guide.
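The first baseline command only gives a single total. As an added example (not from the original post or the guide), this breaks the SYN_RCVD count down per local port and lists the ports above a baseline; the function names, the sample output and the baseline of 2 are all constructed for illustration.

```shell
#!/bin/sh
# Count half-open (SYN_RCVD) TCP connections per local port from Solaris
# `netstat -an -f inet` output, so a baseline can be compared with later runs.

# Constructed sample output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
-------------------- -------------------- ----- ------ ----- ------ -----------
      *.22                 *.*                0      0 49152      0 LISTEN
      *.80                 *.*                0      0 49152      0 LISTEN
192.0.2.10.22        198.51.100.7.51515   49640      0 49640      0 ESTABLISHED
192.0.2.10.22        198.51.100.9.40112       0      0 49640      0 SYN_RCVD
192.0.2.10.80        203.0.113.5.1025         0      0 49640      0 SYN_RCVD
192.0.2.10.80        203.0.113.6.1026         0      0 49640      0 SYN_RCVD
192.0.2.10.80        203.0.113.7.1027         0      0 49640      0 SYN_RCVD
192.0.2.10.80        203.0.113.8.1028         0      0 49640      0 SYN_RCVD
EOF
}

# Read netstat output on stdin; print "port count" for each local port
# that has at least one connection in SYN_RCVD.
syn_rcvd_by_port() {
    awk '$NF == "SYN_RCVD" {
             n = split($1, part, ".")   # Solaris prints address.port
             count[part[n]]++
         }
         END { for (p in count) print p, count[p] }' | sort -n
}

# Usage: syn_rcvd_over BASELINE
# Print only the ports whose SYN_RCVD count exceeds BASELINE.
syn_rcvd_over() {
    syn_rcvd_by_port | awk -v base="$1" '$2 + 0 > base + 0'
}

# Demo on the sample; on a live host: netstat -an -f inet | syn_rcvd_over 2
sample_netstat | syn_rcvd_over 2    # prints: 80 4
```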
1 comment:
Good post.