03-06-2011, 05:43 AM
Linda Ursin

IPv4 messages from Tiger after dist-upgrade

Hi

Since upgrading to Squeeze, I'm getting these from Tiger:

dolly:/home/linda# tigexp lin014f

It is possible to send IP spoofed packets from this machine. Spoofed
packets are commonly used by trojans that make use of compromised hosts
to deliver denial of service, man in the middle or connection hijacking.
You should consider configuring your kernel to not permit this:
  # sysctl -w net.ipv4.conf.all.rp_filter = 2
and:
  # sysctl -w net.ipv4.conf.default.rp_filter = 2


dolly:/home/linda# tigexp lin016f

Source routing might permit an attacker to send packets through your
host (if routing is enabled) to other hosts without following your
network topology setup. It should be enabled only under very special
circumstances or otherwise an attacker could try to bypass the traffic
filtering that is done on the network:
  # sysctl -w net.ipv4.conf.all.accept_source_route = 0
and:
  # sysctl -w net.ipv4.conf.default.accept_source_route = 0


dolly:/home/linda# tigexp lin017w

Suspicious packets received by the kernel should be logged to detect
incoming attacks. To activate this logging capability:
  # sysctl -w net.ipv4.conf.all.log_martians = 1
and:
  # sysctl -w net.ipv4.conf.default.log_martians = 1


Could these fixes be included in an update, or do I have to enter them myself? I don't like to edit the kernel because I don't know enough about it.

Since I'm not sure it's actually a bug, I'm not reporting it as such.

Linda
~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~

Linda Ursin
Heksebua


Address:           Tel:    (+47) 402 40 767
Solvang            www:    http://heksebua.com
7288 Soknedal      E-mail: linda@heksebua.com


Org: NO 995 578 107
 
03-06-2011, 09:53 AM
Steven Ayre

IPv4 messages from Tiger after dist-upgrade

They're just configuration settings. You can either set them from the
command line using the sysctl commands it gives you, or create a
/etc/sysctl.d/something.conf file that contains:

    net.ipv4.conf.default.rp_filter = 2
    net.ipv4.conf.all.rp_filter = 2
    net.ipv4.conf.default.log_martians = 1
    net.ipv4.conf.all.log_martians = 1
    net.ipv4.conf.default.accept_source_route = 0
    net.ipv4.conf.all.accept_source_route = 0

Then do "invoke-rc.d procps restart" to make them take effect. That
method is probably better because they'll then be set on bootup in
future.

They'll probably not be set by default, because there are reasons that
some machines wouldn't want those as defaults.

-Steve


On 6 March 2011 06:43, Linda Ursin <linda@heksebua.com> wrote:
> Hi
>
> Since upgrading to Squeeze, I'm getting these from Tiger:
>
> dolly:/home/linda# tigexp lin014f
>
> It is possible to send IP spoofed packets from this machine. Spoofed
> packets are commonly used by trojans that make use of compromised hosts
> to deliver denial of service, man in the middle or connection hijacking.
> You should consider configuring your kernel to not permit this:
>   # sysctl -w net.ipv4.conf.all.rp_filter = 2
> and:
>   # sysctl -w net.ipv4.conf.default.rp_filter = 2
>
> dolly:/home/linda# tigexp lin016f
>
> Source routing might permit an attacker to send packets through your
> host (if routing is enabled) to other hosts without following your
> network topology setup. It should be enabled only under very special
> circumstances or otherwise an attacker could try to bypass the traffic
> filtering that is done on the network:
>   # sysctl -w net.ipv4.conf.all.accept_source_route = 0
> and:
>   # sysctl -w net.ipv4.conf.default.accept_source_route = 0
>
> dolly:/home/linda# tigexp lin017w
>
> Suspicious packets received by the kernel should be logged to detect
> incoming attacks. To activate this logging capability:
>   # sysctl -w net.ipv4.conf.all.log_martians = 1
> and:
>   # sysctl -w net.ipv4.conf.default.log_martians = 1
>
>
> Could these fixes be included in an update, or do I have to enter them
> myself? I don't like to edit the kernel because I don't know enough about
> it.
> Since I'm not sure it's actually a bug, I'm not reporting it as such.
>
> Linda
> ~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~
>
> Linda Ursin
> Heksebua
>
> Address:           Tel:    (+47) 402 40 767
> Solvang            www:    http://heksebua.com
> 7288 Soknedal      E-mail: linda@heksebua.com
>
> Org: NO 995 578 107
>
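
Added example, not part of the thread or of Tiger: a check that the settings from the reply above actually took effect on each existing interface, using the kernel's documented rules for combining the `all` and per-interface values (`default` only seeds interfaces created later). The function names and the optional ROOT argument are this example's own.

```sh
#!/bin/sh
# Added example (not from the thread): audit the *effective* per-interface
# values of the three settings Tiger flags. Kernel combination rules:
#   rp_filter           = max(all, iface)  -> want >= 1 (1 strict, 2 loose)
#   accept_source_route = all AND iface    -> want 0
#   log_martians        = all OR iface     -> want 1

# read_val DIR KEY: print the integer stored in DIR/KEY, or 0 if unreadable.
read_val() {
    v=$(cat "$1/$2" 2>/dev/null) || v=0
    echo "${v:-0}"
}

# audit_ipv4_conf [ROOT]: ROOT defaults to /proc/sys; the parameter is an
# assumption of this example so it can also run against a copied tree.
# Prints "FAIL <iface> <key> <effective>" per finding; returns 1 if any.
audit_ipv4_conf() {
    conf="${1:-/proc/sys}/net/ipv4/conf"
    findings=0
    for dir in "$conf"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        case "$iface" in all|default) continue ;; esac  # global/template entries
        rp_a=$(read_val "$conf/all" rp_filter)
        rp_i=$(read_val "$dir" rp_filter)
        sr_a=$(read_val "$conf/all" accept_source_route)
        sr_i=$(read_val "$dir" accept_source_route)
        lm_a=$(read_val "$conf/all" log_martians)
        lm_i=$(read_val "$dir" log_martians)
        rp=$(( rp_a > rp_i ? rp_a : rp_i ))
        sr=$(( sr_a && sr_i ))
        lm=$(( lm_a || lm_i ))
        [ "$rp" -ge 1 ] || { echo "FAIL $iface rp_filter $rp"; findings=1; }
        [ "$sr" -eq 0 ] || { echo "FAIL $iface accept_source_route $sr"; findings=1; }
        [ "$lm" -eq 1 ] || { echo "FAIL $iface log_martians $lm"; findings=1; }
    done
    return "$findings"
}
```

Source the file and call `audit_ipv4_conf` with no argument to check the live host. For a run-time fix the command-line form is `sysctl -w net.ipv4.conf.all.log_martians=1` as a single `key=value` argument; spaces around `=` are only accepted in sysctl.conf-style files.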

