Security issues of default network configuration in Slackware
Source: Internet
Author: User
Slackware's default settings allow the following attacks:
1. IPV4 packet forwarding (enabled by default)
Around line 19 of the script, IP packet forwarding is set to ON by default. This default is not suitable, because computers connected to a network should not forward packets by default. For example, when a dial-up user on a LAN maintains an Internet connection with his/her ISP, this setting leaves the machine vulnerable to packet forwarding attacks from the LAN.
Immediately after the script's IP packet forwarding setting comes a comment about the rp_filter setting. rp_filter checks the source address of incoming packets so that external attackers cannot use spoofed IP addresses to fool the internal network. If this setting is not enabled while IP forwarding is allowed, the host is vulnerable to IP spoofing from the intranet. According to this comment and the kernel documentation, rp_filter is enabled implicitly when IP forwarding is allowed (the default). However, if you only explicitly enable IP forwarding (IPV4_FORWARD=1), the rp_filter value in /proc is still '0'. This means the source of packets is not checked, and that is the root cause of this vulnerability.
The script /etc/rc.d/rc.inet2 describes the setting as follows:
# When using IPv4 packet forwarding, you will also get the rp_filter, which
# automatically rejects incoming packets if the routing table entry for their
# source address doesn't match the network interface they're arriving on. This
# has security advantages because it prevents the so-called IP spoofing,
# however it can pose problems if you use asymmetric routing (packets from you
# to a host take a different path than packets from that host to you) or if
# you operate a non-routing host which has several IP addresses on different
# interfaces. To turn rp_filter off, uncomment the lines below:
#if [ -r /proc/sys/net/ipv4/conf/all/rp_filter ]; then
#  echo "Disabling rp_filter..."
#  echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
#fi
As this shows, Slackware 7 does not explicitly enable rp_filter, so the recommended solution is:
Add the following after that comment:
echo "Enabling rp_filter..."
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
This enables the rp_filter setting.
3. TCP_SYNCOOKIES (disabled in 2.2.x kernel)
SYN cookies, which are used to prevent TCP SYN attacks, are enabled by default in the 2.0.x kernel but disabled by default in the 2.2.x kernel. The administrator should turn them on to protect the system from 'SYN flood' attacks.
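The three settings above can be audited in one pass. The shell function below is an added example, not part of the original article or of Slackware's scripts; the function names and the optional ROOT argument (used to point the check at a test tree instead of /proc/sys/net/ipv4) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit_net_defaults [ROOT] checks the settings discussed
# above. ROOT defaults to /proc/sys/net/ipv4 (the argument is hypothetical,
# added so the check can run against a constructed directory tree).
# Prints one WARN line per finding and returns 1 if there was any.

read_val() {
    # Print the value stored in a sysctl file, or "missing" if unreadable.
    if [ -r "$1" ]; then
        tr -d ' \t\n' < "$1"
    else
        printf 'missing'
    fi
}

audit_net_defaults() {
    root=${1:-/proc/sys/net/ipv4}
    warn=0

    fwd=$(read_val "$root/ip_forward")
    if [ "$fwd" = "1" ]; then
        echo "WARN ip_forward=1 (host forwards IPv4 packets)"
        warn=$((warn + 1))
    fi

    # Report every conf/*/rp_filter entry, not only conf/all, so a single
    # unfiltered interface is visible. Flagged only while forwarding is on,
    # which is the combination the article describes.
    for f in "$root"/conf/*/rp_filter; do
        [ -e "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        if [ "$fwd" = "1" ] && [ "$(read_val "$f")" = "0" ]; then
            echo "WARN rp_filter=0 on $iface while forwarding is enabled"
            warn=$((warn + 1))
        fi
    done

    syn=$(read_val "$root/tcp_syncookies")
    case $syn in
        0) echo "WARN tcp_syncookies=0 (SYN cookies are off)"
           warn=$((warn + 1)) ;;
        missing) echo "WARN tcp_syncookies not readable (kernel may lack SYN cookie support)"
                 warn=$((warn + 1)) ;;
        *) ;;  # any non-zero value means SYN cookies are on
    esac

    [ "$warn" -eq 0 ]
}
```

Source the file and call `audit_net_defaults` with no argument to check the running system.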