|
|
Sponsored Content
Operating Systems
Solaris
Security vulnerability on my sun solaris 9 box
Post 302074731 by Perderabo on Thursday 25th of May 2006 12:12:41 PM
05-25-2006
This is a confusing issue. The ip protocol that we have used for many years is version 4 of the ip protocol. Version 6 is starting to be deployed as well. ip_forward_src_routed controls version 4's behavior. It has a counterpart ip6_forward_src_routed to control version 6's behavior. This risk is very trivial but I think they should both be zero anyway. Check them with:
ndd -get /dev/ip ip_forward_src_routed
ndd -get /dev/ip ip6_forward_src_routed
Not acting as a router is different. Let's say that you have an hme0 interface. Then use:
ndd -get /dev/ip ip_forwarding
ndd -get /dev/ip ip6_forwarding
ndd -get /dev/ip hme0:ip_forwarding
ndd -get /dev/ip lo0:ip_forwarding
I'm not sure how the last two interact first the first two. But if a paramater has the string "forward" anywhere in it, zero it out until the need for non-zero is proven. I'm not sure exactly what ip_forward_directed_broadcasts does. But zero it out too. ("directed_broadcasts"... kinda like "jumbo shrimp"
)
ndd -get /dev/ip ip_forward_src_routed
ndd -get /dev/ip ip6_forward_src_routed
Not acting as a router is different. Let's say that you have an hme0 interface. Then use:
ndd -get /dev/ip ip_forwarding
ndd -get /dev/ip ip6_forwarding
ndd -get /dev/ip hme0:ip_forwarding
ndd -get /dev/ip lo0:ip_forwarding
I'm not sure how the last two interact first the first two. But if a paramater has the string "forward" anywhere in it, zero it out until the need for non-zero is proven. I'm not sure exactly what ip_forward_directed_broadcasts does. But zero it out too. ("directed_broadcasts"... kinda like "jumbo shrimp"
)|
|
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I have a Sun box that I am trying to get started up, but everytime it will crap out because it is bound to an NIS domain that no longer exists. The Master for that domain was put out of commission. It was suggested to me that I could boot off of the Installation cd for the OS (Solaris 8) and... (4 Replies)
Discussion started by: Jody
4 Replies
2. UNIX Benchmarks
I could write a long spec here, however.....we are looking at investing in one of thise shiny blue Sun V440's. Rediculousely expensive, however possibly more cost effective over time...too much time listening to salesmen. To the point has anyone actually performed a comparison for Oracle running on... (4 Replies)
Discussion started by: luker
4 Replies
3. Solaris
Evening...
I just recently purchased an older Ultra 5 with Solaris 8 equiped with NT. I'm not necessarily new to the unix world but this is the first time I've had my own box. I'm used to Unix in the working environment.
So with that said...
Are there any specific files I should be... (2 Replies)
Discussion started by: PapaPark
2 Replies
4. UNIX for Dummies Questions & Answers
Hi,
I need a clarification.
Is there any difference between AIX box and Sun Solaris box?
The bzip command with -c option works in AIX box and the same does not work in Sun Solaris box.
Can anyone please explain if there is an implementation difference in both these boxes for the shell... (1 Reply)
Discussion started by: nisha4680
1 Replies
5. Solaris
i want to migrate sun box 5.8 to 5.10 and also 5.9 to 5.10 with jump start
without ditrubing any users, how it can be done? (3 Replies)
Discussion started by: saini707
3 Replies
6. UNIX for Advanced & Expert Users
Hi experts,
I need to send email form my sun box but i unable to send?
1) What Basic setting i have to check?
2) We have DNS server running on other system (ISP-DNS 202.62.64.3,Primary-DNS 192.168.10.4 slave-DNS 192.168.10.1)
3) what Files need to be check, what files need to be created.
... (1 Reply)
Discussion started by: saisivakumar
1 Replies
7. Solaris
How to implement NFS Security in server where filesystem is configured as NFS & AutoFS?
Any special patch need to be applied?
What are the procedures? (1 Reply)
Discussion started by: KhawHL
1 Replies
8. Solaris
Got the console cable all connected up and got tot he ok prompt.
Typed in boot cdrom and got the following:
ok boot cdrom
Boot device: /pci@8,700000/scsi@6/disk@6,0:f File and args:
ERROR: /packages/deblocker: Last Trap: Corrected ECC Error
Can't read disk label.
Can't open disk... (4 Replies)
Discussion started by: bbbngowc
4 Replies
9. Solaris
Hello Friends,
I have installed Solaris 10 on on Sun Virtual Box. I am able to browse internet on solaris 10 thru firefox, however I am not getting sound, there is cross on the tray icon of sound.
Please help with this !!
Regards,
Sahil (3 Replies)
Discussion started by: sahilsardana
3 Replies
10. UNIX for Dummies Questions & Answers
hi
Am Using Windows vista machine where i installed Sun Virtual Box on Which i installled Solaris 10.. am not able to ping my windows machine from Sun OS neither viceversa.. Can someone help me out to get this sorted please .... (2 Replies)
Discussion started by: Sojourner
2 Replies
LEARN ABOUT V7
ndd
ndd(1M) System Administration Commands ndd(1M) NAME
ndd - get and set driver configuration parameters SYNOPSIS
ndd [-set] driver parameter [value] DESCRIPTION
ndd gets and sets selected configuration parameters in some kernel drivers. Currently, ndd only supports the drivers that implement the TCP/IP Internet protocol family. Each driver chooses which parameters to make visible using ndd. Since these parameters are usually tightly coupled to the implementation, they are likely to change from release to release. Some parameters may be read-only. If the -set option is omitted, ndd queries the named driver, retrieves the value associated with the specified parameter, and prints it. If the -set option is given, ndd passes value, which must be specified, down to the named driver which assigns it to the named parameter. By convention, drivers that support ndd also support a special read-only parameter named ``?'' which can be used to list the parameters supported by the driver. EXAMPLES
Example 1: Getting Parameters Supported By The TCP Driver To see which parameters are supported by the TCP driver, use the following command: example% ndd /dev/tcp ? The parameter name ``?'' may need to be escaped with a backslash to prevent its being interpreted as a shell meta character. The following command sets the value of the parameter ip_forwarding in the dual stack IP driver to zero. This disables IPv4 packet forward- ing. example% ndd -set /dev/ip ip_forwarding 0 Similarly, in order to disable IPv6 packet forwarding, the value of parameter ip6_forwarding example% ndd -set /dev/ip ip6_forwarding 0 To view the current IPv4 forwarding table, use the following command: example% ndd /dev/ip ipv4_ire_status To view the current IPv6 forwarding table, use the following command: example% ndd /dev/ip ipv6_ire_status ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWcsu | +-----------------------------+-----------------------------+ SEE ALSO
nca(1), ioctl(2), attributes(5), arp(7P), ip(7P), ip6(7P), tcp(7P), udp(7P) NOTES
The parameters supported by each driver may change from release to release. Like programs that read /dev/kmem, user programs or shell scripts that execute ndd should be prepared for parameter names to change. The ioctl() command that ndd uses to communicate with drivers is likely to change in a future release. User programs should avoid making dependencies on it. The meanings of many ndd parameters make sense only if you understand how the driver is implemented. SunOS 5.10 8 Nov 1999 ndd(1M)