This file is indexed.

/usr/lib/tiger/html/ndd.html is in tiger 1:3.2.3-10.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
<HR><PRE>








</PRE><HR>
<CENTER><H2> Documents for ndd</H2></CENTER>
<A NAME="ndd001f"><P><B>Code [ndd001f]</B><P>
This option determines whether to forward broadcast packets directed
to a specific net or subnet, if that net or subnet is directly
connected to the machine. If the system is acting as a router, this
option can be exploited to generate a great deal of broadcast network
traffic. Turning this option off will help prevent broadcast traffic
attacks.
To disable this do:
# ndd -set /dev/ip ip_forward_directed_broadcasts 0
<PRE>










</PRE><HR>
<A NAME="ndd002f"><P><B>Code [ndd002f]</B><P>
This option determines whether to forward packets that are source
routed. These packets define the path the packet should take instead
of allowing network routers to define the path.
To disable this do:
# ndd -set /dev/ip ip_forward_src_routed 0
<PRE>










</PRE><HR>
<A NAME="ndd003w"><P><B>Code [ndd003w]</B><P>
IP forwarding is the option that permits the system to act as a router
and thus resend packets from one network interface to another. If your
system is not acting as such this option should be disabled.
To disable this do:
# ndd -set /dev/ip ip_forwarding 0
<PRE>










</PRE><HR>
<A NAME="ndd004f"><P><B>Code [ndd004f]</B><P>
The echo-request PMTU strategy can be used for amplification attacks.
Use either strategy 1 or strategy 0.
To disable this do:
# ndd -set /dev/ip ip_pmtu_straegy [0|1]
<PRE>










</PRE><HR>
<A NAME="ndd005w"><P><B>Code [ndd005w]</B><P>
This option determines whether to send ICMP redirect messages which
can introduce changes into remote system's routing table. It should
only be used on systems that act as routers.
To disable this do:
# ndd -set /dev/ip ip_send_redirects 0
<PRE>










</PRE><HR>
<A NAME="ndd006w"><P><B>Code [ndd006w]</B><P>
The system is configured to send ICMP source quench messages. These
ICMP messages have been deprecated.
To disable this do:
# ndd -set /dev/ip ip_send_source_sqench 0
<PRE>










</PRE><HR>
<A NAME="ndd007f"><P><B>Code [ndd007f]</B><P>
This options determines whether to respond to ICMP netmask requests
which are typically sent by diskless clients when booting. An
attacker may use the netmask information for determining network
topology or the broadcast address for the subnet.
To disable this do:
# ndd -set /dev/ip ip_respond_to_address_mask_broadcast 0
<PRE>










</PRE><HR>
<A NAME="ndd008f"><P><B>Code [ndd008f]</B><P>
This option determines whether to respond to ICMP broadcast echo
requests (ping). An attacker may try to create a denial of service
attack on subnets by sending many broadcast echo requests to which all
systems will respond. This also provides information on systems that
are available on the network.
To disable this do:
# ndd -set /dev/ip ip_respond_to_echo_broadcast 0
<PRE>










</PRE><HR>
<A NAME="ndd009f"><P><B>Code [ndd009f]</B><P>
This option determines whether to respond to ICMP broadcast timestamp
requests which are used to discover the time on all systems in the
broadcast range. This option is dangerous for the same reasons as
responding to a single timestamp request. Additionally, an attacker
may try to create a denial of service attack by generating many
broadcast timestamp requests.
To disable this do:
# ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0
<PRE>










</PRE><HR>
<A NAME="ndd010f"><P><B>Code [ndd010f]</B><P>
This option determines whether to respond to ICMP timestamp requests
which some systems use to discover the time on a remote system. An
attacker may use the time information to schedule an attack at a
period of time when the system may run a cron job (or other time-
based event) or otherwise be busy. It may also be possible predict
ID or sequence numbers that are based on the time of day for spoofing
services.
# ndd -set /dev/ip ip_respond_to_timestamp 0
<PRE>










</PRE><HR>
<A NAME="ndd011w"><P><B>Code [ndd011w]</B><P>
This option determines if HP-UX will include explanatory text in the
RST segment it sends. This text is helpful for debugging, but is also
useful to potential intruders.
To disable this do:
# ndd -set /dev/tcp tcp_text_in_resets 0