TCP/IP Hardening

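The first two settings below are rc.conf variables and need to be added to the file /etc/rc.conf in order to take effect. The net.inet.* settings are sysctl variables and belong in /etc/sysctl.conf instead: /etc/rc.conf is read as a shell script, and a dotted name is not a valid shell variable assignment.

Please note that changes will not take effect until a system restart.

/etc/rc.conf:

Prevent OS Fingerprinting: tcp_drop_synfin="YES"
Prevent ICMP Redirect: icmp_drop_redirect="YES"

/etc/sysctl.conf:

Blackhole TCP Packets: net.inet.tcp.blackhole=2
Blackhole UDP Packets: net.inet.udp.blackhole=1
Route Cache Expire: net.inet.ip.rtexpire=2
Minimum Route Cache Expire: net.inet.ip.rtminexpire=2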
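
An added example, not part of the original page: a small sh audit that checks copies of the configuration files for the six settings above and flags typographic quotes, which the shell does not treat as quoting. The function names, the temporary paths and the sample file contents are constructed for illustration, and it assumes the net.inet.* values are kept in sysctl.conf syntax in their own file.

```shell
#!/bin/sh
# Added example (not from the original page): audit copies of rc.conf and
# sysctl.conf for the six settings listed above.

# check_setting FILE KEY WANT: prints ok | missing | badquote | wrong:<value>
check_setting() {
    # The last assignment of KEY wins, as it does when the file is read at boot.
    line=$(awk -v k="$2" '{ sub(/^[ \t]+/, "") }
        index($0, k "=") == 1 { l = $0 } END { print l }' "$1")
    [ -n "$line" ] || { echo missing; return 1; }
    val=${line#*=}; val=${val%%#*}              # keep the value, drop any comment
    val=$(printf '%s' "$val" | tr -d ' \t')
    case $val in
        *“*|*”*) echo badquote; return 1 ;;     # typographic quotes
    esac
    val=$(printf '%s' "$val" | tr -d '"' | tr '[:lower:]' '[:upper:]')
    [ "$val" = "$3" ] && { echo ok; return 0; }
    echo "wrong:$val"; return 1
}

# audit RC_CONF SYSCTL_CONF: one report line per setting; returns 1 on any failure
audit() {
    failed=0
    while read -r where key want; do
        case $where in rc) f=$1 ;; *) f=$2 ;; esac
        res=$(check_setting "$f" "$key" "$want") || failed=1
        printf '%-28s %s\n' "$key" "$res"
    done <<'EOF'
rc tcp_drop_synfin YES
rc icmp_drop_redirect YES
sysctl net.inet.tcp.blackhole 2
sysctl net.inet.udp.blackhole 1
sysctl net.inet.ip.rtexpire 2
sysctl net.inet.ip.rtminexpire 2
EOF
    return $failed
}

# Constructed sample files: typographic quotes pasted into rc.conf, one sysctl
# set to the wrong value and one left out.
tmp=$(mktemp -d)
printf '%s\n' 'tcp_drop_synfin=”YES”' 'icmp_drop_redirect="YES"' > "$tmp/rc.conf"
printf '%s\n' 'net.inet.tcp.blackhole=2' 'net.inet.udp.blackhole=0' \
    'net.inet.ip.rtexpire=2  # route cache' > "$tmp/sysctl.conf"
audit "$tmp/rc.conf" "$tmp/sysctl.conf" || echo "hardening settings incomplete"
```

On a live system, pass /etc/rc.conf and /etc/sysctl.conf to audit instead of the sample copies.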

