/usr/lib/tiger/doc/ndd.html is in tiger 1:3.2.3-8.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 | <HR><PRE>
</PRE><HR>
<CENTER><H2> Documents for ndd</H2></CENTER>
<A NAME="ndd001f"><P><B>Code [ndd001f]</B><P>
This option determines whether to forward broadcast packets directed
to a specific net or subnet, if that net or subnet is directly
connected to the machine. If the system is acting as a router, this
option can be exploited to generate a great deal of broadcast network
traffic. Turning this option off will help prevent broadcast traffic
attacks.
To disable this do:
# ndd -set /dev/ip ip_forward_directed_broadcasts 0
<PRE>
</PRE><HR>
<A NAME="ndd002f"><P><B>Code [ndd002f]</B><P>
This option determines whether to forward packets that are source
routed. These packets define the path the packet should take instead
of allowing network routers to define the path.
To disable this do:
# ndd -set /dev/ip ip_forward_src_routed 0
<PRE>
</PRE><HR>
<A NAME="ndd003w"><P><B>Code [ndd003w]</B><P>
IP forwarding is the option that permits the system to act as a router
and thus resend packets from one network interface to another. If your
system is not acting as such this option should be disabled.
To disable this do:
# ndd -set /dev/ip ip_forwarding 0
<PRE>
</PRE><HR>
<A NAME="ndd004f"><P><B>Code [ndd004f]</B><P>
The echo-request PMTU strategy can be used for amplification attacks.
Use either strategy 1 or strategy 0.
To disable this do:
# ndd -set /dev/ip ip_pmtu_straegy [0|1]
<PRE>
</PRE><HR>
<A NAME="ndd005w"><P><B>Code [ndd005w]</B><P>
This option determines whether to send ICMP redirect messages which
can introduce changes into remote system's routing table. It should
only be used on systems that act as routers.
To disable this do:
# ndd -set /dev/ip ip_send_redirects 0
<PRE>
</PRE><HR>
<A NAME="ndd006w"><P><B>Code [ndd006w]</B><P>
The system is configured to send ICMP source quench messages. These
ICMP messages have been deprecated.
To disable this do:
# ndd -set /dev/ip ip_send_source_sqench 0
<PRE>
</PRE><HR>
<A NAME="ndd007f"><P><B>Code [ndd007f]</B><P>
This options determines whether to respond to ICMP netmask requests
which are typically sent by diskless clients when booting. An
attacker may use the netmask information for determining network
topology or the broadcast address for the subnet.
To disable this do:
# ndd -set /dev/ip ip_respond_to_address_mask_broadcast 0
<PRE>
</PRE><HR>
<A NAME="ndd008f"><P><B>Code [ndd008f]</B><P>
This option determines whether to respond to ICMP broadcast echo
requests (ping). An attacker may try to create a denial of service
attack on subnets by sending many broadcast echo requests to which all
systems will respond. This also provides information on systems that
are available on the network.
To disable this do:
# ndd -set /dev/ip ip_respond_to_echo_broadcast 0
<PRE>
</PRE><HR>
<A NAME="ndd009f"><P><B>Code [ndd009f]</B><P>
This option determines whether to respond to ICMP broadcast timestamp
requests which are used to discover the time on all systems in the
broadcast range. This option is dangerous for the same reasons as
responding to a single timestamp request. Additionally, an attacker
may try to create a denial of service attack by generating many
broadcast timestamp requests.
To disable this do:
# ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0
<PRE>
</PRE><HR>
<A NAME="ndd010f"><P><B>Code [ndd010f]</B><P>
This option determines whether to respond to ICMP timestamp requests
which some systems use to discover the time on a remote system. An
attacker may use the time information to schedule an attack at a
period of time when the system may run a cron job (or other time-
based event) or otherwise be busy. It may also be possible predict
ID or sequence numbers that are based on the time of day for spoofing
services.
# ndd -set /dev/ip ip_respond_to_timestamp 0
<PRE>
</PRE><HR>
<A NAME="ndd011w"><P><B>Code [ndd011w]</B><P>
This option determines if HP-UX will include explanatory text in the
RST segment it sends. This text is helpful for debugging, but is also
useful to potential intruders.
To disable this do:
# ndd -set /dev/tcp tcp_text_in_resets 0
|