On Mon, 12 Feb 2001, Kenn Humborg wrote:
> OK. That's not too bad.
'cept windows doesn't listen to them.
>> Now, first glance seems to suggest that one of my Linux machines
> is ignoring these redirects. Is this controlled by a sysctl or
> something?
>
/proc/sys/net/ipv4/conf/_I_/accept_redirects
(_I_ == interface. note that _I_ == all has precedence over specific
interface settings, set all/accept_redirects to 0 to stop them
completely)
> And what's the general deal with ICMP redirects? Honour them
> or ignore them? Are they 'safe'?
not really. hosts that honour them could be subjected to DoS or worse
have their traffic redirected via host.evil.com.
> Or safe enough for use in
> an internal network?
think so. 'cept for any gateway machines that hide more sensitive
networks from your general user network.
> Later,
> Kenn
--paulj
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
