HPE Community
Operating System - HP-UX
1851019 Members
2630 Online
104056 Solutions
New Discussion

How to drop source routed packets?

 
SOLVED
Go to solution
Jorge Fabregas
Regular Advisor

‎05-24-2004 12:12 PM

‎05-24-2004 12:12 PM

How to drop source routed packets?

Hello everyone,

This question if for all network gurus out there! How can I drop source routed packets? In Linux there are some files under the /proc virtual filesystem that allow me to change this.

I've been given a Nessus report regarding this issue on all my servers. I really have no idea how to turn it off on HP-UX.

Thanks in advance,
Jorge
0 Kudos
Reply
4 REPLIES 4
Sundar_7
Honored Contributor

‎05-24-2004 12:21 PM

‎05-24-2004 12:21 PM

Re: How to drop source routed packets?

If you are running 11.x then you can use ndd. I am not 100% sure if the parameter ip_forward_src_routed can be used to drop the source routed packets.

Check out the ndd documentation and the explanation of ip_forward_src_routed parameter.

Learn What to do ,How to do and more importantly When to do ?
Reply
Steven E. Protter
Exalted Contributor

‎05-24-2004 12:27 PM

‎05-24-2004 12:27 PM

Re: How to drop source routed packets?

ndd is the command. You actually know more about the subject than I, and the ndd manual should lay things out pretty nicely for you.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Ron Kinner
Honored Contributor

‎05-24-2004 01:45 PM

‎05-24-2004 01:45 PM

Solution

Re: How to drop source routed packets?

http://www.blacksheepnetworks.com/security/resources/bastion11.html

is the best source for that sort of info but it assumes you know a lot about ndd. The parameter in ndd is ip_forward_src_routed which is a member of /dev/ip. The default value is 1 but you want it to be 0. There is a file /etc/rc.config.d/nddconf which you have to edit so that it stays after a boot but just to prove the concept you can change it on the fly with:

ndd -set /dev/ip ip_forward_src_routed 0

In the nddconf file you add three lines:

TRANSPORT_NAME[0]=ip
NDD_NAME[0]=ip_forward_src_routed
NDD_VALUE[0]=0

If you already have values in nddconf then use the next higher integer in the brackets.

Ron

Reply
Jorge Fabregas
Regular Advisor

‎05-24-2004 01:59 PM

‎05-24-2004 01:59 PM

Re: How to drop source routed packets?

Thanks Sundar, Steven and Ron! Many thanks!

Hey Ron! You made it too easy for me :) Thanks!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.