Linux webhost security settings in /etc/sysctl.conf

view full story

http://serverfault.com – While searching for more ways to secure Linux servers, I found the following /etc/sysctl.conf configuration. It came as is, without much explanation. Before using it on production environment (using Ubuntu 12.04 LTS), I'd like to know the implications of it on a web server. # Avoid a smurf attack net.ipv4.icmp_echo_ignore_broadcasts = 1 # Turn on protection for bad icmp error messages net.ipv4.icmp_ignore_bogus_error_responses = 1 # Turn on syncookies for SYN flood attack protection net.ipv4.tcp_syncookies = 1 # Turn on and log spoofed, source routed, and redirect packets net.ipv4.conf.all (HowTos)