Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-03-13 01:56:33 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #290 from raja-grewal/arp_ignore

Browse Source 
Respond to ARP requests only if the target IP address is on-link
This commit is contained in:
Patrick Schleizer 2025-01-10 10:29:12 -05:00 committed by GitHub
commit 486757bfae
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -107,8 +107,8 @@ Networking:
- Enable ARP filtering to mitigate some ARP spoofing and ARP cache poisoning attacks.
- Optional - Respond to ARP requests only if the target IP address is
on-link, preventing some IP spoofing attacks.
- Respond to ARP requests only if the target IP address is on-link,
preventing some IP spoofing attacks.
- Optional - Drop gratuitous ARP packets to prevent ARP cache poisoning
via man-in-the-middle and denial-of-service attacks.

2
usr/lib/sysctl.d/990-security-misc.conf
View File

@ -470,7 +470,7 @@ net.ipv4.conf.*.arp_filter=1
## https://github.com/mullvad/mullvadvpn-app/pull/7141
## https://www.x41-dsec.de/static/reports/X41-Mullvad-Audit-Public-Report-2024-12-10.pdf
##
#net.ipv4.conf.*.arp_ignore=2
net.ipv4.conf.*.arp_ignore=2
## Drop gratuitous ARP (Address Resolution Protocol) packets.
## Stops ARP responses sent by a device without being explicitly requested.