I'm trying to enable MD5 checksum/signature for TCP packets in CentOS (the main use case is to stop TCP RST attacks, etc.). It seems like I may be able to do this for individual ports using netcat or via iptables. What is the preferred way of enabling this option, and is there a better method than those I listed?
Thanks
Best Answer
In order to enable TCP MD5 signatures on Linux you must have CONFIG_TCP_MD5SIG enabled (Per an answer on Stack Overflow you can check this by checking the contents of /proc/config.gz) (Per the Stack Overflow folks the correct option to set is TCP_MD5SIG).
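Setting the socket option the answer names, as an added example (not code from the original post): it fills a struct tcp_md5sig for one IPv4 peer and installs it with setsockopt(). The peer address 192.0.2.1, the key, and the function names md5sig_build and md5sig_apply are assumptions made for illustration.

```c
#define _GNU_SOURCE           /* exposes struct tcp_md5sig in <netinet/tcp.h> */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Fill a struct tcp_md5sig for one IPv4 peer. Returns 0 on success, -1 on a
 * bad address or a key that is empty or longer than TCP_MD5SIG_MAXKEYLEN. */
int md5sig_build(struct tcp_md5sig *sig, const char *peer_ip,
                 const void *key, size_t keylen)
{
    struct sockaddr_in peer;

    if (keylen == 0 || keylen > TCP_MD5SIG_MAXKEYLEN)
        return -1;
    memset(&peer, 0, sizeof(peer));
    peer.sin_family = AF_INET;
    if (inet_pton(AF_INET, peer_ip, &peer.sin_addr) != 1)
        return -1;

    memset(sig, 0, sizeof(*sig));
    memcpy(&sig->tcpm_addr, &peer, sizeof(peer)); /* the key applies to this peer */
    sig->tcpm_keylen = (unsigned short)keylen;
    memcpy(sig->tcpm_key, key, keylen);
    return 0;
}

/* Install the key on a TCP socket: before connect() for an outgoing session,
 * or on the listening socket for an inbound peer. Fails with ENOPROTOOPT
 * when the kernel was built without CONFIG_TCP_MD5SIG. */
int md5sig_apply(int fd, const struct tcp_md5sig *sig)
{
    return setsockopt(fd, IPPROTO_TCP, TCP_MD5SIG, sig, sizeof(*sig));
}

int main(void)
{
    struct tcp_md5sig sig;
    int fd = socket(AF_INET, SOCK_STREAM, 0);

    /* 192.0.2.1 and the key are constructed sample values. */
    if (fd < 0 || md5sig_build(&sig, "192.0.2.1", "example-key", 11) != 0)
        return 1;
    if (md5sig_apply(fd, &sig) != 0) {
        perror("setsockopt(TCP_MD5SIG)");
        return 1;
    }
    puts("TCP_MD5SIG key installed for 192.0.2.1");
    return 0;
}
```

Both endpoints must configure the same key for each other's address; otherwise the kernel drops the unsigned or mis-signed segments and the connection never establishes.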