UNIX - TCP/IP Stack Modifications


Prevent DoS

/usr/sbin/ndd -set /dev/tcp tcp_conn_req_max_q 1024
/usr/sbin/ndd -set /dev/tcp tcp_conn_req_max_q0 2048
/usr/sbin/ndd -set /dev/tcp tcp_time_wait_interval 60000
/usr/sbin/ndd -set /dev/ip ip_respond_to_echo_broadcast 0
/usr/sbin/ndd -set /dev/ip ip_forward_directed_broadcasts 0

Note: these ndd commands are Solaris-specific. tcp_conn_req_max_q0 sizes the queue of half-open connections (SYN received, handshake not yet complete), which is the queue a SYN flood fills; tcp_conn_req_max_q sizes the queue of completed connections waiting for accept(). tcp_time_wait_interval is in milliseconds, so 60000 keeps TIME_WAIT sockets for 60 seconds. The two /dev/ip settings stop the host answering or forwarding directed-broadcast echo requests. ndd changes do not survive a reboot; put them in a startup script.

Disable redirects

/usr/sbin/ndd -set /dev/ip ip_ignore_redirect 1
/usr/sbin/ndd -set /dev/ip ip_send_redirects 0

Disable Source routing

/usr/sbin/ndd -set /dev/ip ip_forward_src_routed 0

Linux Kernel 2.2

Prevent DoS

/sbin/sysctl -w net.ipv4.tcp_max_syn_backlog=1280
/sbin/sysctl -w net.ipv4.vs.timeout_timewait=60
/sbin/sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1

Note: net.ipv4.vs.timeout_timewait is an IP Virtual Server (IPVS) tunable and only exists when the ip_vs module is loaded; on a host without IPVS the command fails with an unknown-key error and can be skipped, since mainline Linux has no sysctl for the TCP TIME_WAIT duration. sysctl -w changes are lost at reboot; add the same key=value lines to /etc/sysctl.conf so they are reapplied at boot.

Disable redirects

/sbin/sysctl -w net.ipv4.conf.all.send_redirects=0
/sbin/sysctl -w net.ipv4.conf.all.accept_redirects=0

Disable Source routing

/sbin/sysctl -w net.ipv4.conf.all.accept_source_route=0

Note: the net.ipv4.conf.all.* keys change interfaces that already exist. Set the matching net.ipv4.conf.default.* keys as well, so that interfaces brought up later (VLANs, tunnels, hot-plugged NICs) inherit the same redirect and source-routing settings.
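The Linux commands above set values but give no way to confirm that a host still matches them after reboots or configuration changes. The audit script below is an added example, not part of the original article: it compares a sysctl -a dump against the five net.ipv4 keys from the Linux section (the IPVS key is left out because it exists only when ip_vs is loaded) and prints one line per deviation. Reading from a file rather than live /proc lets it run without root and against dumps collected from other hosts. The baseline comparison operators, the function names and the sample dump are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): audit a sysctl -a dump
# against the Linux hardening baseline given on this page.

# Baseline: key, comparison (eq = exact match, ge = at least), expected value.
# The ge operator lets a larger SYN backlog pass without being flagged.
BASELINE='
net.ipv4.tcp_max_syn_backlog ge 1280
net.ipv4.icmp_echo_ignore_broadcasts eq 1
net.ipv4.conf.all.send_redirects eq 0
net.ipv4.conf.all.accept_redirects eq 0
net.ipv4.conf.all.accept_source_route eq 0
'

# lookup FILE KEY: print the current value of KEY from a "key = value" dump.
lookup() {
    awk -v k="$2" '$1 == k && $2 == "=" { print $3; exit }' "$1"
}

# audit_sysctl FILE: print one line per deviation ("key current expected")
# and return the number of deviations (0 means the dump matches the baseline).
audit_sysctl() {
    deviations=0
    while read -r key op want; do
        [ -n "$key" ] || continue
        have=$(lookup "$1" "$key")
        if [ -z "$have" ]; then
            printf '%s MISSING %s\n' "$key" "$want"
            deviations=$((deviations + 1))
        elif [ "$op" = ge ] && [ "$have" -lt "$want" ]; then
            printf '%s %s >=%s\n' "$key" "$have" "$want"
            deviations=$((deviations + 1))
        elif [ "$op" = eq ] && [ "$have" != "$want" ]; then
            printf '%s %s %s\n' "$key" "$have" "$want"
            deviations=$((deviations + 1))
        fi
    done <<EOF
$BASELINE
EOF
    return "$deviations"
}

# count_deviations FILE: print the number of deviations instead of returning it.
count_deviations() {
    if audit_sysctl "$1" >/dev/null; then echo 0; else echo $?; fi
}

# Constructed sample dump (not captured from a real host): the SYN backlog is
# still at a low default and send_redirects is still enabled.
SAMPLE=$(mktemp)
cat >"$SAMPLE" <<'EOF'
net.ipv4.tcp_max_syn_backlog = 128
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.ip_forward = 0
EOF

# On a live host:  sysctl -a > /tmp/sysctl.dump && audit_sysctl /tmp/sysctl.dump
audit_sysctl "$SAMPLE" || echo "deviations: $?"
```

The return code makes the script usable from cron or a configuration-management check: a non-zero exit means at least one setting has drifted from the baseline and the printed lines say which ones.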


About the Author


R Donato

Rick Donato is the Founder and Chief Editor of He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001