|
HP Path MTU Discovery DoS Vulnerability
Solution: The vendor recommends the following action: Reference ndd manpage (1M), /etc/rc.config.d/nddconf To ensure that this parameter is set each time the system is booted, add the following lines to /etc/rc.config.d/nddconf TRANSPORT_NAME[<index>]=ip NDD_NAME[<index>]=ip_pmtu_strategy NDD_VALUE[<index>]=1 The value of <index> is an integer from 0 to 99. The first parameter specified in the file should use an <index> of 0, the second an <index> of 1, and so on. Once these changes have been made, execute the following command: /usr/bin/ndd -c This sets all of the options specified in the file /etc/rc.config.d/nddconf. To verify that the parameter is set correctly, use the following command. /usr/bin/ndd -get /dev/ip ip_pmtu_strategy This should report a value of 1. Another way to change the ip_pmtu_strategy parameter on a running system is to use the following NDD command: /usr/bin/ndd -set /dev/ip ip_pmtu_strategy 1 This setting will only last until the system is rebooted at which point the value of the parameter will be determined by the default value of 2 or whatever value is set in /etc/rc.config.d/nddconf |
|
|
Privacy Statement |
