Securing and Optimizing Linux: RedHat Edition -A Hands on Guide
PrevChapter 5. General System SecurityNext

5.25. Refuse responding to broadcasts request

As for the ping request, it's also important to disable broadcast request. When a packet is sent to an IP broadcast address (i.e. 192.168.1.255) from a machine on the local network, that packet is delivered to all machines on that network. Then all the machines on a network respond to this ICMP echo request and the result can be severe network congestion or outages -denial-of-service attacks. See the RFC 2644 for more information.

Version 6.1 only


              [root@deep] /# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
You can add this line in your /etc/rc.d/rc.local file so the command will be automatically set if your system reboots.

Version 6.2 only

Edit the /etc/sysctl.conf file and add the following line: 

              # Enable ignoring broadcasts request
              net.ipv4.icmp_echo_ignore_broadcasts = 1
You must restart your network for the change to take effect. The command to restart the network is the following:

To restart all networks devices manually on your system, use the following command: 

              [root@deep] /# /etc/rc.d/init.d/network restart

Setting network parameters [ OK ] Bringing up interface lo [ OK ] Bringing up interface eth0 [ OK ] Bringing up interface eth1 [ OK ]

PrevHomeNext
The kernel tunable parametersUpRouting Protocols