Re: Bill Wohler: Linux security tips
-> To prevent Linux from forwarding any packets, recompile the kernel
-> with the option CONFIG_IP_FORWARD off.
who does compile linux with packet forwarding on when he des not want it to
be a router ?
-> To prevent responding to pings altogether, use
-> CONFIG_IP_IGNORE_ECHO_REQUESTS on.
hmmm that i imho a very BAD idea. machine SHOULD (i've heard RFC says it
MUST) respond any ICMP echo packet; maybe there could be some protection
against ICMP flooding but machine should not ignore echo requests
--
Matus "fantomas" Uhlar, sysadmin at NETLAB+ Kosice, Slovakia
BIC coord for *.sk; admin of netlab.irc.sk; co-admin of irc.felk.cvut.cz
--
Unsubscribe? mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
Reply to: