[ipv6hackers] IPv6 security presentation at Hack.lu 2011
Marc Heuse
mh at mh-sec.de
Sat Oct 1 12:06:49 CEST 2011
beware, beware
Am 30.09.2011 11:51, schrieb Markus Reschke:
>> Maybe it is something you can do by setting a variable and building a new
>> kernel in UNIX/Linux ?
>
> For linux just add following to sysctl.conf:
> net.ipv4.conf.default.accept_redirects=0
> net.ipv4.conf.all.accept_redirects=0
> net.ipv6.conf.default.accept_redirects=0
> net.ipv6.conf.all.accept_redirects=0
everybody thinks this works - but it does not.
.all. does not change any configuration. you *must* configure the
interfaces individually.
so
net.ipv4.conf.eth0.accept_redirects=0
net.ipv4.conf.eth1.accept_redirects=0
etc.
I know its hard to believe, so verify it for yourself :-)
Greets,
Marc
--
Marc Heuse
Mobil: +49 177 9611560
Fax: +49 30 37309726
www.mh-sec.de
Marc Heuse - IT-Security Consulting
Winsstr. 68
10405 Berlin
Ust.-Ident.-Nr.: DE244222388
PGP: FEDD 5B50 C087 F8DF 5CB9 876F 7FDD E533 BF4F 891A
More information about the Ipv6hackers
mailing list