mirror of
https://github.com/Kicksecure/security-misc.git
synced 2025-03-13 05:26:29 -04:00
Merge pull request #290 from raja-grewal/arp_ignore
Respond to ARP requests only if the target IP address is on-link
This commit is contained in:
Patrick Schleizer
GitHub
commit
486757bfae
@ -107,8 +107,8 @@ Networking:
|
|||||||
|
|
||||||
- Enable ARP filtering to mitigate some ARP spoofing and ARP cache poisoning attacks.
|
- Enable ARP filtering to mitigate some ARP spoofing and ARP cache poisoning attacks.
|
||||||
|
|
||||||
- Optional - Respond to ARP requests only if the target IP address is
|
- Respond to ARP requests only if the target IP address is on-link,
|
||||||
on-link, preventing some IP spoofing attacks.
|
preventing some IP spoofing attacks.
|
||||||
|
|
||||||
- Optional - Drop gratuitous ARP packets to prevent ARP cache poisoning
|
- Optional - Drop gratuitous ARP packets to prevent ARP cache poisoning
|
||||||
via man-in-the-middle and denial-of-service attacks.
|
via man-in-the-middle and denial-of-service attacks.
|
||||||
|
|||||||
@ -470,7 +470,7 @@ net.ipv4.conf.*.arp_filter=1
|
|||||||
## https://github.com/mullvad/mullvadvpn-app/pull/7141
|
## https://github.com/mullvad/mullvadvpn-app/pull/7141
|
||||||
## https://www.x41-dsec.de/static/reports/X41-Mullvad-Audit-Public-Report-2024-12-10.pdf
|
## https://www.x41-dsec.de/static/reports/X41-Mullvad-Audit-Public-Report-2024-12-10.pdf
|
||||||
##
|
##
|
||||||
#net.ipv4.conf.*.arp_ignore=2
|
net.ipv4.conf.*.arp_ignore=2
|
||||||
|
|
||||||
## Drop gratuitous ARP (Address Resolution Protocol) packets.
|
## Drop gratuitous ARP (Address Resolution Protocol) packets.
|
||||||
## Stops ARP responses sent by a device without being explicitly requested.
|
## Stops ARP responses sent by a device without being explicitly requested.
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user