As a security best practice, verify that the host system ignores IPv4 Internet Control Message Protocol (ICMP) redirect messages. A malicious ICMP redirect message can allow a man-in-the-middle attack to occur. Routers use ICMP redirect messages to notify hosts that a more direct route exists for a destination. These messages modify the host's route table and are unauthenticated.


  1. Run the # grep [01] /proc/sys/net/ipv4/conf/*/accept_redirects|egrep "default|all" command on the host system to check whether the host system ignores IPv4 redirect messages.
  2. Configure the host system to ignore IPv4 ICMP redirect messages.
    1. Open the /etc/sysctl.conf file.
    2. If the values are not set to 0, add the following entries to the file or update the existing entries accordingly. Set the value to 0.
    3. Save the changes and close the file.
    4. Run # sysctl -p to apply the configuration.