Securing and Optimizing Linux:RedHat Edition | All about OS

The kernel tunable parameters

Category: Securing and Optimizing

• To restart all network devices manually on your system, use the following command:
[root@deep /]# /etc/rc.d/init.d/network restart
Setting network parameters [ OK ]
Bringing up interface lo [ OK ]
Bringing up interface eth0 [ OK ]
Bringing up interface eth1 [ OK ]
Routing Protocols
Routing and routing protocols can create several problems. IP source routing, where an IP packet contains details of the path to its intended destination, is dangerous because according to RFC 1122 the destination host must respond along the same path. If an attacker were able to send a source-routed packet into your network, he would be able to intercept the replies and fool your host into thinking it is communicating with a trusted host. I strongly recommend that you disable IP source routing to protect your server from this hole.
To disable IP source routing on your server, type the following command in your terminal:
Under Red Hat Linux 6.1
[root@deep /]# for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
> echo 0 > $f
> done
[root@deep /]#
Add the above commands to the “/etc/rc.d/rc.local” script file and you will not have to type them again the next time you reboot your system.
Under Red Hat Linux 6.2
Edit the “/etc/sysctl.conf” file and add the following lines:
# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
You must restart your network for the change to take effect. The command to restart the network is the following:
• To restart all network devices manually on your system, use the following command:
[root@deep /]# /etc/rc.d/init.d/network restart
Setting network parameters [ OK ]
Bringing up interface lo [ OK ]
Bringing up interface eth0 [ OK ]
Bringing up interface eth1 [ OK ]
NOTE: The above commands for Red Hat Linux 6.1 or 6.2 will disable source-routed packets on all your interfaces (lo, ethN, pppN, etc.).
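The two procedures above (the Red Hat 6.1 loop over /proc/sys and the Red Hat 6.2 /etc/sysctl.conf line) combined into one audit-and-fix script. This is an added example, not code from the original book: the SYSCTL_ROOT variable, the make_fake_tree fixture and the function names are assumptions introduced here so that the same functions can be exercised against a constructed fake /proc/sys tree without root, and the persistent-setting check reads whatever sysctl.conf path you pass it.

```shell
#!/bin/sh
# Audit and disable IP source routing on every interface, then check that the
# setting is also made persistent in sysctl.conf.
# SYSCTL_ROOT is an assumption of this example: it defaults to the real
# /proc/sys but can point at a fake tree for testing without root.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

# audit_source_route: print "<iface> <value>" for each interface and return 0
# only if every interface already has accept_source_route = 0.
audit_source_route() {
    rc=0
    for f in "$SYSCTL_ROOT"/net/ipv4/conf/*/accept_source_route; do
        [ -f "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        val=$(cat "$f")
        echo "$iface $val"
        [ "$val" = "0" ] || rc=1
    done
    return $rc
}

# disable_source_route: the Red Hat 6.1 for-loop from the page, writing 0 to
# every interface (lo, ethN, pppN, plus the all/default entries).
# On a real system this needs root.
disable_source_route() {
    for f in "$SYSCTL_ROOT"/net/ipv4/conf/*/accept_source_route; do
        [ -f "$f" ] || continue
        echo 0 > "$f"
    done
}

# has_persistent_setting <sysctl.conf path>: true if the file carries the
# Red Hat 6.2 style line  net.ipv4.conf.all.accept_source_route = 0
# (whitespace around '=' tolerated, commented-out lines ignored).
has_persistent_setting() {
    grep -Eq '^[[:space:]]*net\.ipv4\.conf\.all\.accept_source_route[[:space:]]*=[[:space:]]*0[[:space:]]*$' "$1"
}

# make_fake_tree <dir>: build a constructed /proc/sys lookalike (test fixture,
# not real kernel data) with source routing enabled (=1) on every interface.
make_fake_tree() {
    root=$1
    for iface in all default lo eth0 eth1; do
        mkdir -p "$root/net/ipv4/conf/$iface"
        echo 1 > "$root/net/ipv4/conf/$iface/accept_source_route"
    done
}
```

Run `audit_source_route` first to see which interfaces still accept source-routed packets; run `disable_source_route` as root to apply the runtime change, and `has_persistent_setting /etc/sysctl.conf` to confirm the change will survive a reboot.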
Enable TCP SYN Cookie Protection
A “SYN Attack” is a denial of service (DoS) attack that consumes all the resources on your machine, forcing you to reboot. Denial of service attacks (attacks which incapacitate a server through high traffic volume, or which tie up enough system resources that the server cannot respond to a legitimate connection request from a remote system) are easily achievable from internal resources or from external connections via extranets and the Internet. To enable it, you have to do:

