The default time for which a dynamically learnt Route entry in the routing table is 20mins (1200000ms)

To Display current Route holding time

To display the current time interval to hold a route entry

In Solaris 8/9/10

sunsolaris# ndd -get /dev/ip ip_ire_arp_interval
1200000

In earlier versions to Solaris 8

sunsolaris# ndd -get /dev/ip ip_ire_flush_interval

To modify the Route holding time 

This can be modified or reduced to a lower level. To modify the default time to say 15 mins

In Solaris 8/9/10

sunsolaris# ndd -set /dev/ip ip_ire_arp_interval 900000

In earlier versions to Solaris 8

sunsolaris# ndd -set /dev/ip ip_ire_flush_interval 900000

Solaris Operating Environment by default is configured to both accept and send  the ICMP Redirect messages. According to RFCs, only a router or a gateway device should send an ICMP Redirect message and any other hosts should only be able to receive the ICMP Redirects. If the Solaris server is not acting as a Router or a Gateway then sending ICMP Redirect message should be disabled. The same applies to accepting ICMP Redirect messages if the solaris server is not required to receive ICMP Redirect messages (say a single Router/Gateway network/subnets scenario) as a malicous hacker could send fake ICMP redirect messages to modify the routing table on the host and potentialy cause a Denial of Service attack.

Show and Disable ICMP Redirect message accept option

To see if accepting ICMP Redirects are enabled in Solaris,

In IPv4

root@solaris# ndd -get /dev/ip ip_ignore_redirect
0

In IPv6 then

root@solaris# ndd -get /dev/ip ip6_ignore_redirect
0

The “0″ indicates that the host is configured to accept ICMP Redirect messages and “1″ indicates it is being disabled

To disable the ICMP Redirect accept option,

In IPv4

root@solaris# ndd -set /dev/ip ip_ignore_redirect 1

In IPv6

root@solaris# ndd -set /dev/ip ip6_ignore_redirect 1

Show and Disable ICMP Redirect message send option

To see if sending ICMP Redirects are enabled in Solaris,

If you are using IPv4

root@solaris# ndd -get /dev/ip ip_send_redirects
1

If you are using IPv6 then

root@solaris# ndd -get /dev/ip ip6_send_redirects
1

The “1″ indicates that the host is configured to send ICMP Redirect messages and “0″ indicates it is being disabled

To disable the option,

In IPv4

root@solaris# ndd -set /dev/ip ip_send_redirects 0

In IPv6

root@solaris# ndd -set /dev/ip ip6_send_redirects 0

The above ndd -set commands dynamically update the ICMP Redirect send/receive options on the host. However, to ensure that the settings are applied at the boot time (say the next time when the server reboots) then edit the startup script /etc/rc2.d/S69inet and modify values accordingly.

Alternatively, you can download the nddconfig script and install on your server. This script can be used to adjust most of the ndd parameters for security purpose.

The script can be downloaded here (need an Sunsolve account)

http://www.sun.com/blueprints/tools/

To install the nddconfig script

Untar the downloaded nddconfig.tar file

root@solaris# tar -xvf nddconfig.tar

Copy the nddconfig file to /etc/init.d/ directory

root@solaris# cp nddconfig /etc/init.d/nddconfig

Change the file permissions to 744

root@solaris# chmod 744 /etc/init.d/nddconfig

Change the file ownership to root(user) and sys (grooup)

root@solaris# chown root:sys /etc/init.d/nddconfig

Create a hard link as follows:

root@solaris# ln /etc/init.d/nddconfig /etc/rc2.d/S70nddconfig

This should help.