Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-03-12 23:26:30 -04:00
Code Issues Packages Projects Releases Wiki Activity

Set net.ipv4.conf.*.arp_filter=1

Browse Source
This commit is contained in:
raja-grewal 2024-12-19 10:31:43 +00:00 committed by GitHub
parent 95b535764c
commit af1d06973b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -105,8 +105,7 @@ Networking:
- Optional - Deny sending and receiving shared media redirects to reduce
the risk of IP spoofing attacks.
- Optional - Enable ARP filtering to mitigate some ARP spoofing and ARP
cache poisoning attacks.
- Enable ARP filtering to mitigate some ARP spoofing and ARP cache poisoning attacks.
- Optional - Respond to ARP requests only if the target IP address is
on-link, preventing some IP spoofing attacks.

2
usr/lib/sysctl.d/990-security-misc.conf
View File

@ -460,7 +460,7 @@ net.ipv6.conf.*.accept_redirects=0
##
## https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf
##
#net.ipv4.conf.*.arp_filter=1
net.ipv4.conf.*.arp_filter=1
## Respond to ARP (Address Resolution Protocol) requests only if the target IP address is on-link.
## Reduces IP spoofing attacks by limiting the scope of allowable ARP responses.