Date:      11 Jun 1999 19:28:27 +0200
From:      Dag-Erling Smorgrav <des@flood.ping.uio.no>
To:        "Richard Childers" <rchilders@hamquist.com>
Cc:        "Dmitriy Bokiy" <ratebor@cityline.ru>, <freebsd-security@FreeBSD.ORG>
Subject:   Re: Newbie questions: DoS & xinetd
Message-ID:  <xzpvhcuejes.fsf@flood.ping.uio.no>
In-Reply-To: "Richard Childers"'s message of "Thu, 10 Jun 1999 12:12:51 -0700"
References:  <18819.990610@cityline.ru> <37600E33.9A11E641@hamquist.com>

"Richard Childers" <rchilders@hamquist.com> writes:
> For instance, if I wanted to search for all occurrences of the string
> "net.inet.ip.redirect", I would do:
> 
> 	# find / -type f -exec grep -i "net.inet.ip.redirect" {} \; -print

Which starts a grep process for every file on disk, which - needless
to say - is extremely inefficient. Use xargs.

Anyway, there is no need to use find(1) to find information about
net.inet.ip.redirect. Just:

$ cd /sys/netinet
$ grep 'SYSCTL.*redirect' *.c

will give you the name of the source file where the variable is
defined (ip_input.c, which I or any other kernel hacker could've told
you without even needing grep). A quick scan of that file would show
you that this sysctl variable controls *sending* redirects. As for
receiving them, incoming ICMP packets are handled in ip_icmp.c (also
in /sys/netinet). They are always honored, and the only way to avoid
honoring them is to run a firewall. A good rule is to block all ICMP
except types 0,3,8,11. The paranoid will want to block 0 and 8 as
well. Blocking 11 prevents traceroute(8) from working, but should not
have any adverse effects on performance (I don't know of any place on
the globe which is more than 64 hops away from me). Blocking 3
(UNREACH) is usually a bad idea.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no
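
The ICMP policy from the message above (let in only types 0, 3, 8 and 11, and do not block 3), written as a check over `ipfw list` output. This is an added example, not part of the original message; it assumes the firewall is ipfw(8), and the function names, sample rulesets and the 0 to 18 type range are assumptions.

```shell
# Added example, not from the original message. Assumption: only
# "from any to any" allow/deny rules are evaluated (first match wins);
# address-specific rules, skipto, count and the like are ignored.

# icmp_verdict TYPE: read `ipfw list` output on stdin, print allow or deny.
icmp_verdict() {
    awk -v t="$1" '
    {
        if ($3 != "icmp" && $3 != "ip" && $3 != "all") next
        if (($4 " " $5 " " $6 " " $7) != "from any to any") next
        if ($2 ~ /^(allow|accept|pass|permit)$/) act = "allow"
        else if ($2 ~ /^(deny|drop|reject)$/) act = "deny"
        else next
        hit = 1    # no icmptypes option: the rule matches every type
        for (i = 8; i < NF; i++)
            if ($i ~ /^icmptypes?$/) {    # accept either spelling in listings
                hit = 0
                n = split($(i + 1), a, ",")
                for (j = 1; j <= n; j++) if (a[j] == t) hit = 1
            }
        if (hit) { print act; found = 1; exit }
    }
    END { if (!found) print "unknown" }'
}

# audit_icmp: report where a ruleset (stdin) departs from the policy, types 0..18:
# nothing outside types 0,3,8,11 is let in, and type 3 (UNREACH) is not blocked.
audit_icmp() {
    rules=$(cat); bad=0; t=0
    while [ "$t" -le 18 ]; do
        v=$(printf '%s\n' "$rules" | icmp_verdict "$t")
        case "$t:$v" in
            0:*|8:*|11:*|3:allow) ;;    # within the policy
            3:*)    echo "type 3 not allowed ($v)"; bad=1 ;;
            *:deny) ;;
            *)      echo "type $t not denied ($v)"; bad=1 ;;
        esac
        t=$((t + 1))
    done
    return "$bad"
}

# Constructed `ipfw list` samples.
GOOD='01000 allow icmp from any to any icmptypes 0,3,8,11
01010 deny icmp from any to any
65535 allow ip from any to any'
OPEN='65535 allow ip from any to any'

printf '%s\n' "$GOOD" | audit_icmp && echo "GOOD: within the policy"
printf '%s\n' "$OPEN" | audit_icmp || echo "OPEN: ICMP is unfiltered"
```

On a live host the input would be `ipfw list | audit_icmp`; a finding for type 5 means redirects reach the stack.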

