
Re: IPv4 messages from Tiger after dist-upgrade



They're just configuration settings. You can either set them from the
command line using the sysctl commands it gives you, or create a
/etc/sysctl.d/something.conf file that contains:
  net.ipv4.conf.default.rp_filter = 2
  net.ipv4.conf.all.rp_filter = 2
  net.ipv4.conf.default.log_martians = 1
  net.ipv4.conf.all.log_martians = 1
  net.ipv4.conf.default.accept_source_route = 0
  net.ipv4.conf.all.accept_source_route = 0
Then do "invoke-rc.d procps restart" to make them take effect. That
method is probably better because they'll then be set on bootup in
future.

They'll probably not be set by default, because there are reasons that
some machines wouldn't want those as defaults.

-Steve


On 6 March 2011 06:43, Linda Ursin <linda@heksebua.com> wrote:
> Hi
>
> Since upgrading to Squeeze, I'm getting these from Tiger:
>
> dolly:/home/linda# tigexp lin014f
>
> It is possible to send IP spoofed packets from this machine. Spoofed
> packets are commonly used by trojans that make use of compromised hosts
> to deliver denial of service, man in the middle or connection hijacking.
> You should consider configuring your kernel to not permit this:
>   # sysctl -w net.ipv4.conf.all.rp_filter = 2
> and:
>   # sysctl -w net.ipv4.conf.default.rp_filter = 2
>
> dolly:/home/linda# tigexp lin016f
>
> Source routing might permit an attacker to send packets through your
> host (if routing is enabled) to other hosts without following your
> network topology setup. It should be enabled only under very special
> circumstances or otherwise an attacker could try to bypass the traffic
> filtering that is done on the network:
>   # sysctl -w net.ipv4.conf.all.accept_source_route = 0
> and:
>   # sysctl -w net.ipv4.conf.default.accept_source_route = 0
>
> dolly:/home/linda# tigexp lin017w
>
> Suspicious packets received by the kernel should be logged to detect
> incoming attacks. To activate this logging capability:
>   # sysctl -w net.ipv4.conf.all.log_martians = 1
> and:
>   # sysctl -w net.ipv4.conf.default.log_martians = 1
>
>
> Could these fixes be included in an update, or do I have to enter them
> myself? I don't like to edit the kernel because I don't know enough about
> it.
> Since I'm not sure it's actually a bug, I'm not reporting it as such.
>
> Linda
> ~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~
>
> Linda Ursin
> Heksebua
>
> Adresse:                      Tlf:     (+47) 402 40 767
> Solvang                        www:     http://heksebua.com
> 7288 Soknedal              E-post:  linda@heksebua.com
>
> Org: NO 995 578 107
>
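
Once procps has been restarted, the six values from the reply above can be read back to confirm they are live. This is an added example, not part of the original thread; the function name check_sysctls and its optional root-directory argument are assumptions of the example.

```sh
#!/bin/sh
# Added example: confirm that the six settings from the reply are in effect.
# Usage: check_sysctls          (reads the live values under /proc/sys)
#        check_sysctls DIR      (DIR is a hypothetical alternate root, for testing)

# key=expected pairs, copied from the sysctl.d file in the reply.
EXPECTED='net.ipv4.conf.default.rp_filter=2
net.ipv4.conf.all.rp_filter=2
net.ipv4.conf.default.log_martians=1
net.ipv4.conf.all.log_martians=1
net.ipv4.conf.default.accept_source_route=0
net.ipv4.conf.all.accept_source_route=0'

check_sysctls() {
    root=${1:-/proc/sys}
    bad=0
    for pair in $EXPECTED; do
        key=${pair%%=*}
        want=${pair#*=}
        # A sysctl name maps to a path by turning dots into slashes.
        # (Safe here: only the "all" and "default" entries are checked.)
        path="$root/$(printf '%s' "$key" | tr . /)"
        if [ ! -r "$path" ]; then
            echo "MISSING $key (no $path)"
            bad=$((bad + 1))
            continue
        fi
        have=$(tr -d ' \t\n' < "$path")
        if [ "$have" = "$want" ]; then
            echo "OK      $key = $have"
        else
            echo "DIFF    $key = $have (expected $want)"
            bad=$((bad + 1))
        fi
    done
    # Exit status 0 only when all six values match.
    [ "$bad" -eq 0 ]
}
```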

