TCP/IP stack hardening for Unix operating systems: IP protocol section

Source: Internet
Author: User

TCP/IP stack attacks fall into the following two types:

Scanning: scanning, or footprinting, is part of a hacker's initial information-gathering process. Before attacking a system, hackers need to collect information about it, such as the network layout, operating system type, available system services, and system users. From the collected information they can deduce possible vulnerabilities and select the best attack method for the chosen target system.

Denial of Service (DoS) attacks: hackers usually target a specific system and break into it to use it for a specific purpose. The host security of those systems often prevents attackers from gaining control of the host. When launching a denial of service attack, however, attackers do not need to gain control of the system. The goal is to overload the system or network so that it can no longer provide services. DoS attacks can have different targets, including bandwidth consumption and resource exhaustion. Denial of service attacks have now been extended to distributed denial of service (DDoS) attacks.

The IP protocol is one of the most important protocols in TCP/IP and provides a connectionless datagram transmission mechanism. Its main functions include addressing, routing, fragmentation, and reassembly.

1. Disable IP Source Routing

The IP protocol allows a host to specify the route a packet takes through your network, rather than letting network components determine the optimal path. The legitimate use of this feature is diagnosing connection faults, but it is rarely used for that. It is most commonly used to map your network for reconnaissance purposes, or by attackers looking for a backdoor into your private network. Disable this feature unless you need it specifically for fault diagnosis.

    AIX 5

    # no -o ipsrcroutesend=0
    # no -o ipsrcrouteforward=0

    FreeBSD 5-7

    # sysctl -w net.inet.ip.sourceroute=0
    # sysctl -w net.inet.ip.accept_sourceroute=0

    HP-UX 10

    # ndd -set /dev/ip ip_src_route_forward 0

    Linux 2.4-2.6

    # sysctl -w net.ipv4.conf.all.accept_source_route=0
    # sysctl -w net.ipv4.conf.all.forwarding=0
    # sysctl -w net.ipv4.conf.all.mc_forwarding=0

    OpenBSD 3-4

    Already the default setting

    Solaris 8-10

    # ndd -set /dev/ip ip_forward_src_routed 0
    # ndd -set /dev/ip ip6_forward_src_routed 0

2. Enforce sanity checking, also known as ingress filtering or egress filtering

    Linux 2.4-2.6

    # sysctl -w net.ipv4.conf.all.rp_filter=1

3. Log and discard "Martian" packets

    Linux 2.4-2.6

    # sysctl -w net.ipv4.conf.all.log_martians=1
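
A read-only audit for the Linux keys set in sections 1 to 3, added here as an example and not part of the original article. The optional root-directory argument and the `make_sample_tree` helper are assumptions so the check can run against constructed data instead of the live /proc/sys.

```shell
#!/bin/sh
# Added example (not from the original article): audit the Linux keys
# set in sections 1-3. The ROOT argument is an assumption added so the
# check can also run against a constructed tree instead of /proc/sys.

# key=expected pairs, copied from the sysctl -w commands above
EXPECTED="accept_source_route=0 forwarding=0 mc_forwarding=0 rp_filter=1 log_martians=1"

# audit_ip_hardening [ROOT]: one line per key; returns the failure count.
audit_ip_hardening() {
    root="${1:-/proc/sys}"
    bad=0
    for pair in $EXPECTED; do
        key="${pair%%=*}"
        want="${pair#*=}"
        name="net.ipv4.conf.all.$key"
        file="$root/net/ipv4/conf/all/$key"
        if [ ! -r "$file" ]; then
            echo "MISSING $name (expected $want)"
            bad=$((bad + 1))
        elif [ "$(cat "$file")" = "$want" ]; then
            echo "OK      $name=$want"
        else
            echo "FAIL    $name=$(cat "$file") (expected $want; fix: sysctl -w $name=$want)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# make_sample_tree DIR: constructed sample data, a partly hardened host
# (source routing off, but rp_filter and log_martians still 0).
make_sample_tree() {
    mkdir -p "$1/net/ipv4/conf/all"
    for pair in accept_source_route=0 forwarding=0 mc_forwarding=0 rp_filter=0 log_martians=0; do
        echo "${pair#*=}" > "$1/net/ipv4/conf/all/${pair%%=*}"
    done
}
```

Called with no argument, `audit_ip_hardening` reads the running kernel's values; its exit status is the number of keys that still need attention.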

This concludes the introduction to attacks on the IP protocol, and we hope you have mastered it. We will continue the topic in future articles.
