Profile Applicability:
 • Level 1

Description:
 Packet redirect sending allows a host to inform other hosts of a better route for sending packets. Disabling this feature prevents the system from sending ICMP redirect messages, which can be exploited for man-in-the-middle attacks or network disruptions.

Rationale:
 Disabling packet redirect sending reduces the risk of attackers manipulating network traffic and enhances network security.

Impact:
 Pros:

  • Prevents potential redirection attacks.

  • Enhances overall network security posture.

 Cons:

  • May affect network performance or routing in specific scenarios where redirects are legitimately used.

Default Value:
 Packet redirect sending is enabled by default on many systems.

Pre-requisites:

  • Root or sudo privileges to modify system network settings.

Remediation:

Test Plan:

Using Linux command line:

1. Check current status of packet redirect sending:

sysctl net.ipv4.conf.all.send_redirects  
sysctl net.ipv4.conf.default.send_redirects

2. Confirm both values are set to 0 (disabled).

Implementation Plan:

Using Linux command line:

1. Disable packet redirect sending temporarily:

sysctl -w net.ipv4.conf.all.send_redirects=0  
sysctl -w net.ipv4.conf.default.send_redirects=0

2. Persist the settings by adding to /etc/sysctl.conf or a file in /etc/sysctl.d/:

net.ipv4.conf.all.send_redirects = 0  
net.ipv4.conf.default.send_redirects = 0

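3. Reload sysctl settings (sysctl -p reads only /etc/sysctl.conf; if the settings were added to a file in /etc/sysctl.d/, run sysctl --system instead):

sysctl -p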
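
A verification script for the Test Plan and for the persisted settings from step 2, as an added example that is not part of the original benchmark text. It goes beyond the two keys checked above by also reading the per-interface keys, because the kernel sends redirects on an interface when either the `all` value or that interface's own value is enabled. The function names and the root-directory parameter are assumptions of this example, and config files are evaluated in the order given.

```shell
#!/bin/sh
# Added example: audit running and persisted send_redirects values.
# The proc_root parameter is an assumption of this example so the check
# can be pointed at a constructed tree as well as the live /proc/sys.

# Print every running key (all, default, each interface) whose value is
# not 0. Returns 1 if any such key is found.
check_running() {
    proc_root=${1:-/proc/sys}
    rc=0
    for f in "$proc_root"/net/ipv4/conf/*/send_redirects; do
        [ -r "$f" ] || continue
        val=$(cat "$f")
        if [ "$val" != "0" ]; then
            iface=$(basename "$(dirname "$f")")
            echo "FAIL running net.ipv4.conf.$iface.send_redirects = $val"
            rc=1
        fi
    done
    return $rc
}

# Print the last value assigned to a key across the given files, read in
# the order given. Commented-out lines do not match. Only the dotted key
# form used on this page is recognised.
persisted_value() {
    key=$1; shift
    pat=$(printf '%s' "$key" | sed 's/\./\\./g')
    cat "$@" 2>/dev/null |
        sed -n "s/^[[:space:]]*$pat[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" |
        tail -n 1
}

# Check that both keys from the page are persisted as 0 in the given files.
check_persisted() {
    rc=0
    for key in net.ipv4.conf.all.send_redirects \
               net.ipv4.conf.default.send_redirects; do
        val=$(persisted_value "$key" "$@")
        if [ "$val" != "0" ]; then
            echo "FAIL persisted $key = ${val:-<not set>}"
            rc=1
        fi
    done
    return $rc
}
```

On a live host, call `check_running` with no arguments and `check_persisted /etc/sysctl.conf /etc/sysctl.d/*.conf`; no output and a zero exit status mean both checks passed.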

Backout Plan:

Using Linux command line:

1. Re-enable packet redirect sending if necessary:

sysctl -w net.ipv4.conf.all.send_redirects=1  
sysctl -w net.ipv4.conf.default.send_redirects=1

2. Update configuration files accordingly and reload sysctl.

References: