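#!/bin/sh
# Runtime hardening of the IP and TCP stack through ndd on /dev/ip and /dev/tcp.
#
# Every value below is the one the original script used; nothing is retuned.
# Written for a plain Bourne /bin/sh: no $(...), no $((...)), no "local".
#
# NOTE(review): ndd changes are normally runtime-only, so this script has to
# run at every boot to keep the settings in force. Confirm how it is invoked.

# Tracing is enabled here instead of on the #! line so that it is still
# active when the script is started as "sh script".
set -x

NDD=/usr/sbin/ndd
failed=0

# Apply one tunable and remember any failure instead of ignoring it.
# Arguments: $1 - driver device (/dev/ip or /dev/tcp)
#            $2 - parameter name
#            $3 - value to set
# A rejected parameter (unknown on this release, or insufficient privilege)
# does not stop the remaining settings from being applied.
set_param() {
  "$NDD" -set "$1" "$2" "$3" || {
    echo "ndd: could not set $1 $2 to $3" >&2
    failed=1
  }
}

echo "Tuning TCP/IP STACK"
echo "*******************"

# ICMP PROTECTION - ICMP SMURF ATTACKS
# Stop answering broadcast/multicast probes so the host cannot be used as an
# amplifier, and do not forward directed broadcasts.
set_param /dev/ip ip_respond_to_address_mask_broadcast 0
set_param /dev/ip ip_respond_to_timestamp 0
set_param /dev/ip ip_respond_to_timestamp_broadcast 0
set_param /dev/ip ip_forward_directed_broadcasts 0
set_param /dev/ip ip_respond_to_echo_broadcast 0
set_param /dev/ip ip6_respond_to_echo_multicast 0
# Rate-limit generated ICMP errors: a burst of 1 per 1000 ms interval.
set_param /dev/ip ip_icmp_err_interval 1000
set_param /dev/ip ip_icmp_err_burst 1

# IP PROTECTION - IP SPOOFING ROUTER POISONING
# NOTE(review): ip_forwarding is set to 1, which turns on packet forwarding
# between interfaces. That is only appropriate on a host meant to act as a
# router or gateway; on an end host a hardening baseline would use 0.
# The original value is kept - confirm the role of this machine.
set_param /dev/ip ip_forwarding 1
# Drop source-routed packets and neither accept nor emit ICMP redirects,
# so routing cannot be steered by a remote sender.
set_param /dev/ip ip_forward_src_routed 0
set_param /dev/ip ip_ignore_redirect 1
set_param /dev/ip ip_send_redirects 0

# TCP PROTECTION - SYN/ACK FLOODING
# Retransmission and abort timers (milliseconds).
# NOTE(review): 60000 ms abort intervals give up on slow or lossy peers
# quickly; confirm this suits the networks this host serves.
set_param /dev/tcp tcp_rexmit_interval_initial 2000
set_param /dev/tcp tcp_rexmit_interval_min 1000
set_param /dev/tcp tcp_rexmit_interval_max 60000
set_param /dev/tcp tcp_ip_abort_interval 60000
set_param /dev/tcp tcp_ip_abort_cinterval 60000
set_param /dev/tcp tcp_time_wait_interval 30000
# Queue for connections that have not completed the handshake; a larger
# queue keeps accepting legitimate clients while a SYN flood is in progress.
set_param /dev/tcp tcp_conn_req_max_q0 10240

if [ "$failed" -ne 0 ]; then
  echo "WARNING: one or more ndd settings were not applied" >&2
fi
# Leave a non-zero status behind when any setting failed.
[ "$failed" -eq 0 ]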