DoS prevention techniques.



I stumbled over this article the other day; it basically describes
several configuration options for several routers and UNIX OSes that can
be used to reduce or minimize the impact of DoS attacks:

http://www.antioffline.com/stoppingdos.html

I've already read about a few of the Linux IPV4 configurations. However,
I have never seen two IPV4 options described in this article. Perhaps
somebody can help me with this :-D

The author recommends the following configuration of the Linux kernel to
disable source routed packets and to prevent subtle probes of an
internal network behind a multihomed host.


E. Linux kernel 2.2
/sbin/sysctl -w net.ipv4.conf.all.accept_source_route=0
Drop all source route packets.

/sbin/sysctl -w net.ipv4.conf.all.forwarding=0
/sbin/sysctl -w net.ipv4.conf.all.mc_forwarding=0
Do not forward source routed frames.

I'm running kernel 2.4.6 and I'm using NetFilter to provide NAT to my
own internal network (ip_forward=1). I have been able to change the
forwarding parameter to 0 but cannot do so for the mc_forwarding
parameter. Whenever I try to echo 0 >
/proc/sys/net/ipv4/conf/all/mc_forwarding as root I always get a
Permission Denied message from the kernel.

My questions are:

Why can't I change the mc_forwarding parameter?

What exactly do these parameters do, and should I be toying around with
them?

Thanks for your time and patience,

Stef







