
Network Routing

The network router (in.routed) and router discovery (in.rdisc) daemons are used by a Solaris OE system to dynamically determine network routing requirements. Both in.routed and in.rdisc functionality are discussed in Chapter 2.

Multicast Routing

Multicast is a method to send network data to many systems at the same time with only a single address. Unless the system must participate in a multicast application, it is recommended to disable the code that enables the multicast route assignment. For Solaris 7 OE and earlier, the following lines in /etc/init.d/inetsvc should be commented out:

mcastif=`/sbin/dhcpinfo Yiaddr`
if [ $? -ne 0 ]; then
        mcastif=`uname -n`
echo "Setting default interface for multicast: \c"
/usr/sbin/route add -interface -netmask "" \
"" "$mcastif"

For Solaris 8 OE, comment out the following lines in /etc/init.d/inetsvc:

if [ "$_INIT_NET_STRATEGY" = "dhcp" ]; then 
      mcastif=`/sbin/dhcpinfo Yiaddr` ||

echo "Setting default IPv4 interface for multicast:" \ 
    "add net 224.0/4: gateway $mcastif" 

/usr/sbin/route -n add -interface "224.0/4" "$mcastif" \ 
>/dev/null) & 

After the appropriate lines are commented out, the system should be restarted.

Reducing inetsvc

Based on the recommendations made in this chapter, it is possible to construct a minimized /etc/init.d/inetsvc file that contains only the essential components. Quite a few sections of this file can be commented out, including:

  • DHCP support

  • named startup support

  • Multicast support

By commenting out all of these entries, the number of active lines in the inetsvc file decreases from 152 to 3 lines. The following is what the resulting script looks like:


/usr/sbin/ifconfig -au netmask + broadcast +
/usr/sbin/inetd -s -t

Network Service Banners

Some Solaris OE network services provide information on the operating system version when connections are made. This information usually includes a text string indicating the name of the OS and its version. This information may be useful to attackers with exploit programs for specific OS releases. The Solaris OE provides a method to change these messages in an attempt to hide OS information.

To change banner messages for incoming Telnet and FTP connections, create the /etc/default/telnetd and /etc/default/ftpd files.

Add a line similar to the following:

BANNER="Generic OS" 

Insert the appropriate message for your environment.

It is possible to change the banner message that the sendmail process presents for incoming mail delivery connections. Search the /etc/mail/sendmail.cf file for the following line:

O SmtpGreetingMessage=$j Sendmail $v/$Z; $b 

Change it to:

O SmtpGreetingMessage=Mail Server Ready 

These techniques provide only minor additional security. There are methods to determine a system's operating system type and version on a network. Several network auditing tools use a technique called TCP/IP stack fingerprinting to determine the operating system and version.
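A check for the three banner settings described in this section, as an added example that is not from the book: it looks for a BANNER= line in /etc/default/telnetd and /etc/default/ftpd and flags a sendmail.cf greeting that still carries the version macros. The function names and the ROOT prefix argument are assumptions made for the example, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit the three banner settings this section describes.
# Bourne-compatible (backticks, expr) so it also runs on older Solaris shells.

# banner_set FILE: true if FILE has an uncommented BANNER= line.
banner_set() {
    [ -f "$1" ] && grep '^BANNER=' "$1" >/dev/null 2>&1
}

# greeting_status FILE: prints "missing", "leaks" or "ok" for sendmail.cf.
greeting_status() {
    line=`grep '^O SmtpGreetingMessage=' "$1" 2>/dev/null | tail -1`
    if [ -z "$line" ]; then echo missing; return 0; fi
    case "$line" in
        *'$v'*|*'$Z'*|*Sendmail*) echo leaks ;;   # version macros or product name
        *) echo ok ;;
    esac
}

# audit_banners ROOT: ROOT is a hypothetical prefix ("" = live system).
# Prints one line per check; exit status is the number of findings.
audit_banners() {
    root=$1; findings=0
    for svc in telnetd ftpd; do
        if banner_set "$root/etc/default/$svc"; then
            echo "OK       $svc: BANNER is set"
        else
            echo "FINDING  $svc: no BANNER= line in /etc/default/$svc"
            findings=`expr $findings + 1`
        fi
    done
    greet=`greeting_status "$root/etc/mail/sendmail.cf"`
    if [ "$greet" = ok ]; then
        echo "OK       sendmail: greeting has no version macros"
    else
        echo "FINDING  sendmail: SmtpGreetingMessage $greet"
        findings=`expr $findings + 1`
    fi
    return $findings
}

# Constructed sample tree: telnetd hardened, ftpd untouched, stock greeting.
demo=${TMPDIR:-/tmp}/banner-audit.$$
mkdir -p "$demo/etc/default" "$demo/etc/mail"
echo 'BANNER="Generic OS"' > "$demo/etc/default/telnetd"
echo 'O SmtpGreetingMessage=$j Sendmail $v/$Z; $b' > "$demo/etc/mail/sendmail.cf"
audit_banners "$demo" || echo "findings: $?"   # two findings: ftpd and sendmail
rm -rf "$demo"
```

Run against a live system with `audit_banners ""`; a non-zero exit status is the count of settings that still need the changes described above.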
