nanog mailing list archives
Re: Should routers send redirects by default?
From: Christopher Morrow <morrowc.lists () gmail com>
Date: Sat, 21 Aug 2010 11:19:30 -0400
I appreciate the discussion.. Eric, are you reflecting messages back to the list without additional content for a reason? list-admin folks, could we ping eric and see what's busted?

On Fri, Aug 20, 2010 at 9:08 PM, Eric J. Katanich <ekat () onyxlight net> wrote:
> On 08/21/2010 02:08 AM, Brandon Ross wrote:
>> On Fri, 20 Aug 2010, Ricky Beam wrote:
>>> I think it's almost universally disabled (by default) everywhere in IPv4 purely for security (traffic interception.)
>>
>> Okay, I'll ask again. Exactly how does disabling ICMP redirects on my router prevent traffic from being intercepted?
>
> As was mentioned in another part of the thread. You disable it on the host and if no host is using it, you might as well disable it on the router as well.
>
> Others mentioned some routers need to handle this in software instead of hardware, which is obviously slower.
>
> It might also help you notice you have a rogue host when you are looking at your network-traffic and if you know your network doesn't have any ICMP-redirects normally.
>
> disabling on the host:
>
> OpenBSD:
>
> echo net.inet.icmp.rediraccept=0 >> /etc/sysctl.conf
> echo net.inet6.icmp6.rediraccept=0 >> /etc/sysctl.conf
> sysctl net.inet.icmp.rediraccept=0
> sysctl net.inet6.icmp6.rediraccept=0
>
> FreeBSD:
>
> # drop_redirect=1 makes the host drop incoming IPv4 ICMP redirects
> echo net.inet.icmp.drop_redirect=1 >> /etc/sysctl.conf
> echo net.inet6.icmp6.rediraccept=0 >> /etc/sysctl.conf
> sysctl net.inet.icmp.drop_redirect=1
> sysctl net.inet6.icmp6.rediraccept=0
>
> Linux:
>
> echo net.ipv4.conf.all.accept_redirects = 0 >> /etc/sysctl.conf
> echo net.ipv4.conf.all.send_redirects = 0 >> /etc/sysctl.conf
> sysctl -p /etc/sysctl.conf
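
An added example, not part of the thread or any poster's code, that goes one step past the quoted Linux commands: the kernel combines `conf/all` with each interface's own value, so on a non-forwarding host setting only `net.ipv4.conf.all.accept_redirects = 0` still leaves redirects accepted while the interface value is 1. The script computes the effective setting per interface; `SYSROOT`, the `eth0` name and the sample tree are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. SYSROOT is this example's own variable,
# so the checks can be pointed at a test tree instead of the live /proc/sys.
SYSROOT="${SYSROOT:-/proc/sys}"

# Read one per-interface IPv4 knob; a missing file counts as 0.
knob() { cat "$SYSROOT/net/ipv4/conf/$1/$2" 2>/dev/null || echo 0; }

# accept_redirects (kernel ip-sysctl rules):
#   forwarding on the interface  -> conf/all AND conf/<iface> must both be 1
#   forwarding off (plain host)  -> conf/all OR  conf/<iface> is enough
effective_accept() {  # effective_accept IFACE -> prints 1 or 0
    all=$(knob all accept_redirects)
    ifc=$(knob "$1" accept_redirects)
    if [ "$(knob "$1" forwarding)" = 1 ]; then
        [ "$all" = 1 ] && [ "$ifc" = 1 ] && echo 1 || echo 0
    else
        { [ "$all" = 1 ] || [ "$ifc" = 1 ]; } && echo 1 || echo 0
    fi
}

# send_redirects: enabled when conf/all OR conf/<iface> is 1.
effective_send() {  # effective_send IFACE -> prints 1 or 0
    { [ "$(knob all send_redirects)" = 1 ] ||
      [ "$(knob "$1" send_redirects)" = 1 ]; } && echo 1 || echo 0
}

# One line per real interface with the values the kernel will act on.
audit_redirects() {
    for d in "$SYSROOT"/net/ipv4/conf/*/; do
        [ -d "$d" ] || continue
        i=$(basename "$d")
        case "$i" in all|default) continue ;; esac
        echo "$i accept=$(effective_accept "$i") send=$(effective_send "$i")"
    done
}

# Constructed sample: a non-forwarding host where only conf/all was set to 0
# and eth0 (a made-up interface) still holds 1 for both knobs.
make_sample_tree() {  # make_sample_tree DIR
    for i in all default eth0; do
        mkdir -p "$1/net/ipv4/conf/$i"
        echo 0 > "$1/net/ipv4/conf/$i/forwarding"
        echo 1 > "$1/net/ipv4/conf/$i/accept_redirects"
        echo 1 > "$1/net/ipv4/conf/$i/send_redirects"
    done
    echo 0 > "$1/net/ipv4/conf/all/accept_redirects"
    echo 0 > "$1/net/ipv4/conf/all/send_redirects"
}

audit_redirects
```

Any interface reported with `accept=1` still honours redirects; setting the `default` and per-interface keys to 0 as well closes that gap.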