I stumbled over this article the other day; it basically describes several configuration options for several routers and UNIX OSes that can be used to reduce or minimize the impact of DoS attacks:

http://www.antioffline.com/stoppingdos.html

I've already read about a few of the Linux IPv4 configurations. However, I have never seen two IPv4 options described in this article. Perhaps somebody can help me with this :-D

The author recommends the following configuration of the Linux kernel to disable source routed packets and to prevent subtle probes of an internal network behind a multihomed host.

E. Linux kernel 2.2

    /sbin/sysctl -w net.ipv4.conf.all.accept_source_route=0

Drop all source route packets.

    /sbin/sysctl -w net.ipv4.conf.all.forwarding=0
    /sbin/sysctl -w net.ipv4.conf.all.mc_forwarding=0

Do not forward source routed frames.

I'm running kernel 2.4.6 and I'm using NetFilter to provide NAT to my own internal network (ip_forward=1). I have been able to change the forwarding parameter to 0 but cannot do so for the mc_forwarding parameter. Whenever I try to

    echo 0 > /proc/sys/net/ipv4/conf/all/mc_forwarding

as root I always get a Permission Denied message from the kernel.

My questions are:

Why can't I change the mc_forwarding parameter?
What exactly do these parameters do, and should I be toying around with them?

Thanks for your time and patience,
Stef
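
Added example (not part of the original post or the linked article): a read-only shell check that prints the current value of the three keys quoted above, compares each with the 0 the article recommends, and shows whether the file's mode has any write bit set. SYSCTL_ROOT and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: read-only audit of the three sysctl keys quoted in the post.
# SYSCTL_ROOT and the function names are assumptions of this example.

# audit_key ROOT KEY WANT
# Prints "KEY=<value> want=<WANT> <ok|differs> <writable|read-only>",
# or "KEY missing" when the kernel does not expose the key.
audit_key() {
    file="$1/$2"
    if [ ! -e "$file" ]; then
        echo "$2 missing"
        return 0
    fi
    have=$(cat "$file" 2>/dev/null) || have=unreadable
    if [ "$have" = "$3" ]; then state=ok; else state=differs; fi
    # Inspect the mode bits instead of using `test -w`: root passes
    # `test -w` on ordinary files even when no write bit is set.
    case "$(ls -ld "$file" | cut -c2-10)" in
        *w*) access=writable ;;
        *)   access=read-only ;;
    esac
    echo "$2=$have want=$3 $state $access"
}

# Check the three keys from the article against the recommended value 0.
audit_dos_sysctls() {
    for key in accept_source_route forwarding mc_forwarding; do
        audit_key "$1" "net/ipv4/conf/all/$key" 0
    done
}

# Nothing is written; point SYSCTL_ROOT at a copy of the tree to test offline.
audit_dos_sysctls "${SYSCTL_ROOT:-/proc/sys}"
```

A key reported as "differs writable" can be set with sysctl -w as in the post; one reported as "read-only" has no write bit in its mode.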