扫一扫
分享文章到微信
扫一扫
关注官方公众号
至顶头条
· 让系统对 ping 没有反应
· 让系统对广播没有反应
· 取消 IP source routing
· 开启 TCP SYN Cookie 保护
· 取消 ICMP 接受 Redirect
· 开启错误讯息保护
· 开启 IP 欺骗保护
· 记录Spoofed Packets, Source Routed Packets, Redirect Packets
Redhat 6.1 的做法:
[root@deep /]# echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all
[root@deep /]# echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
[root@deep /]# for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
> echo 0 >$f
> done
[root@deep /]# echo 1 >/proc/sys/net/ipv4/tcp_syncookies
[root@deep /]# for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do
> echo 0 >$f
> done
[root@deep /]# echo 1 >/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
[root@deep /]# for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
> echo 0 >$f
> done
[root@deep /]# for f in /proc/sys/net/ipv4/conf/*/log_martians; do
> echo 0 >$f
> done
Redhat 6.2 的做法:
# Enable ignoring ping request
net.ipv4.icmp_echo_ignore_all = 1
# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1
# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Enable IP spoofing protection, turn on Source Address Verification
net.ipv4.conf.all.rp_filter = 1
# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1
如果您非常迫切的想了解IT领域最新产品与技术信息,那么订阅至顶网技术邮件将是您的最佳途径之一。
京公网安备 11010802021500号