
Reduce Server Visibility

June 21, 2005 Posted by KP

Learnt a tip from the book “Mastering FreeBSD and OpenBSD Security”. Servers connected to the Internet receive lots of network probes (automated scans). When a probe tries to connect to a TCP or UDP port on which no process is listening, the default kernel composes a TCP reset packet (for TCP) or an ICMP port unreachable message (for UDP) and sends it back as a response.

This is bad both for security (every reply tells the scanner something about the host) and for system resources (every probe costs a reply packet). The default behaviour is controlled by two related sysctl variables; add the following two lines to /etc/sysctl.conf and the system will silently drop these kinds of packets instead:
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1

To make them take effect immediately, without a reboot, run:
# sysctl net.inet.tcp.blackhole=2
# sysctl net.inet.udp.blackhole=1
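The following POSIX shell script is an added example, not code from the original post or from the book it cites. It audits a sysctl.conf-style text for the two settings above, treating net.inet.tcp.blackhole=1 as a finding because that value only suppresses the reset for SYN segments while 2 drops all segments to closed ports (the UDP variable has a single enabling value, 1). The sample configuration and the function names are constructed for this example; the live-apply function only runs the sysctl commands from the post when the host is actually FreeBSD, since the variable names do not exist on other kernels.

```shell
#!/bin/sh
# Added example (not from the original post): audit a sysctl.conf-style
# text for the blackhole settings, then show how the live apply would look.

# Constructed sample: tcp.blackhole set to the weaker value, udp.blackhole missing.
SAMPLE_CONF='# /etc/sysctl.conf (constructed sample)
security.bsd.see_other_uids=0
net.inet.tcp.blackhole = 1   # trailing comment
kern.ipc.somaxconn=1024
'

# Same sample with the two lines the post recommends appended; the last
# occurrence of a key wins, as it does when sysctl(8) reads the file.
FIXED_CONF="$SAMPLE_CONF
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
"

# sysctl_conf_get CONF_TEXT KEY: print the value of KEY (last occurrence),
# ignoring whitespace around '=' and trailing '#' comments; empty if unset.
sysctl_conf_get() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')   # literal dots in the regex
    printf '%s\n' "$1" |
        sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" |
        tail -n 1
}

# audit_blackhole CONF_TEXT: print "ok" and return 0 when both variables are
# at the recommended values; otherwise print the findings and return 1.
audit_blackhole() {
    conf="$1"
    findings=""
    v=$(sysctl_conf_get "$conf" net.inet.tcp.blackhole)
    case "$v" in
        2) ;;                                               # all segments dropped
        1) findings="$findings tcp.blackhole=1(only-SYN)" ;; # only SYNs dropped
        *) findings="$findings tcp.blackhole=${v:-unset}" ;;
    esac
    v=$(sysctl_conf_get "$conf" net.inet.udp.blackhole)
    case "$v" in
        1) ;;
        *) findings="$findings udp.blackhole=${v:-unset}" ;;
    esac
    # Informational only: the post names this as a related DoS knob but
    # gives no value for it, so no threshold is enforced here.
    v=$(sysctl_conf_get "$conf" kern.ipc.somaxconn)
    echo "info: kern.ipc.somaxconn=${v:-default}" >&2
    if [ -z "$findings" ]; then
        echo ok
        return 0
    fi
    echo "${findings# }"
    return 1
}

# apply_blackhole_live: the two commands from the post, guarded so the
# script is harmless on non-FreeBSD hosts (needs root on FreeBSD).
apply_blackhole_live() {
    [ "$(uname -s)" = FreeBSD ] || { echo "skip: not FreeBSD" >&2; return 0; }
    sysctl net.inet.tcp.blackhole=2 && sysctl net.inet.udp.blackhole=1
}

result=$(audit_blackhole "$SAMPLE_CONF") || true
echo "sample config: $result"
result=$(audit_blackhole "$FIXED_CONF") || true
echo "fixed config:  $result"
```

To audit a real file, pass its contents with `audit_blackhole "$(cat /etc/sysctl.conf)"`; call `apply_blackhole_live` afterwards only on the FreeBSD host itself.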

Searching for “net.inet.tcp.blackhole” on Google turned up a good article, Preventing Denial of Service Attacks, which coincidentally (or inevitably) uses these two parameters together with kern.ipc.somaxconn as its main measures. Making a system more robust surely helps it withstand DoS attacks, and vice versa.


Filed Under: Security
