Thinking a Man-in-the-Middle (MitM) attack only happens over Wi-Fi? Think again. Your Linux servers, if not properly configured, can be tricked into redirecting traffic right into an attacker’s lap, even on a wired network. This isn’t theoretical; it’s a fundamental network exploitation technique.
ICMP redirects are a relic of a simpler network era. They allow a router to tell a host, “Hey, there’s a better path to this destination.” Sounds innocent, but an attacker can spoof these messages, convincing your server that their machine is the “better path.” Suddenly, your sensitive traffic is flowing through them.
The fix is straightforward, yet I still see too many organizations leaving this door wide open. This is basic hygiene, folks. If you’re running Linux servers, you need to disable acceptance of these redirects.
Here are the kernel settings you need:
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
Make this a non-negotiable part of your baseline hardening.
The fix

Add these lines to /etc/sysctl.conf:

# /etc/sysctl.conf
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0

Then reload the file so the settings take effect without a reboot:

sudo sysctl -p
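To confirm the hardening actually took effect, here is an added audit script (my own, not from the post or the CIS benchmark) that parses `sysctl -a` output or the persisted config files and reports any accept_redirects key still set to 1. It deliberately matches every per-interface key, not only all and default, because the kernel also consults the interface's own value and writing default does not change interfaces that already exist; the sample excerpt in the block is constructed.

```sh
#!/bin/sh
# Added audit helper (not from the post): flags any accept_redirects key that
# is still enabled, parsing the "key = value" format that both `sysctl -a`
# output and /etc/sysctl.conf use, so one function serves runtime and disk.

# Match every net.ipv4/ipv6.conf.<if>.accept_redirects key, not just
# all/default: the kernel also consults the interface's own value, and
# writing "default" does not change interfaces that already exist.
is_redirect_key() {
    case "$1" in
        net.ipv4.conf.*.accept_redirects|net.ipv6.conf.*.accept_redirects) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads "key = value" lines on stdin, skips comments/blanks, prints each
# redirect key whose value is not 0. Returns 0 when every redirect key seen
# is 0, 1 when any is non-zero, 2 when no redirect key appeared at all.
check_redirect_settings() {
    seen=0; bad=0
    while IFS= read -r line; do
        case "$line" in ''|'#'*|';'*) continue ;; esac
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        val=$(printf '%s' "${line#*=}" | tr -d '[:space:]')
        is_redirect_key "$key" || continue
        seen=1
        if [ "$val" != "0" ]; then
            printf 'NOT HARDENED: %s = %s\n' "$key" "$val"
            bad=1
        fi
    done
    [ "$seen" -eq 1 ] || return 2
    return "$bad"
}

# Live kernel state (run as root so sysctl -a can read every key).
audit_runtime() { sysctl -a 2>/dev/null | check_redirect_settings; }

# Persisted state. `sysctl -p` reads only /etc/sysctl.conf; `sysctl --system`
# also loads /etc/sysctl.d/*.conf, which is what happens at boot.
audit_persisted() { cat /etc/sysctl.conf /etc/sysctl.d/*.conf 2>/dev/null | check_redirect_settings; }
# Constructed `sysctl -a` excerpt: all/default hardened, but eth0 came up
# before the change and still accepts redirects.
SAMPLE='net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 1
net.ipv4.ip_forward = 0
'
demo() { printf '%s' "$SAMPLE" | check_redirect_settings; }
```

Run `demo` to see the constructed case flagged, or `audit_runtime` and `audit_persisted` on a real host; a non-zero exit from either is your signal that the baseline is not in place.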
Reference: CIS Linux Benchmark 3.2.2