Greets!
what must we who are using trinity do to avoid the tcp exploit?
I found the following instructions from L. Weinstein's privacy mail list but they don't correspond to anything in my sysctl.conf.
Felmon
----- quote -----
Workaround for serious TCP exploit previously discussed
https://plus.google.com/+LaurenWeinstein/posts/gWSj2sYExoB
Here is the recommended workaround for Linux/Android clients/servers for the serious TCP exploit discussed in:
https://threatpost.com/serious-tcp-bug-in-linux-systems-allows-traffic-hijac...
This one will work for Ubuntu as is, and for various other Linux distributions with suitable modifications. The point is to bump the ACK limit way up. Note that some of the pages announcing this exploit appear to be contaminated with browser hijack "fake technical support" warning sites. Beware. Close your browser immediately if you hit one if you can, otherwise reboot and don't restore crashed pages.
The workaround for the TCP exploit:
Open /etc/sysctl.conf, append a command:
/net.ipv4/tcp_challenge_ack_limit = 999999999
Use "sysctl -p" to update the configuration.
_______________________________________________ privacy mailing list https://lists.vortex.com/mailman/listinfo/privacy
I see I misread the instructions - the 'challenge_ack' line should be ADDED to sysctl.conf.
f.
sorry for the mess-ups but there was a syntax error; this is the line that should be added:
net.ipv4.tcp_challenge_ack_limit = 99999999
followed by executing
sysctl -p
not sure of the rationale and the effect.
f.
On Wednesday 10 August 2016 18:02:20 Felmon Davis wrote:
sysctl -p
sysctl: cannot stat /proc/sys//net.ipv4/tcp_challenge_ack_limit: No such file or directory
Do we need to restart something? Wheezy, trinity r14.04.
Ah, I see it s/b net/ipv4/tcp yadda. That works.
Cheers, Gene Heskett
On Wed, 10 Aug 2016 18:02:20 -0400 (EDT) Felmon Davis davisf@union.edu wrote:
what must we who are using trinity do to avoid the tcp exploit?
That exploit is kernel-level (nothing to do with Trinity, can be found even on headless servers). It's been corrected in kernel version 4.7, so build a new kernel if you're really worried, or follow your distro's instructions on what to do if they have any.
Personally, I'm not going to lose any sleep over it.
E. Liddell
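The key-syntax problem and the kernel-version point from the messages above, as an added example that is not part of the original thread: it checks sysctl.conf text for challenge-ACK entries whose key does not resolve to the real /proc/sys file, and tests a version string against 4.7. The function names are hypothetical, the sample lines are constructed, and `key_to_path` is a simplified model of how sysctl resolves keys, assumed from the "cannot stat" error quoted in the thread.

```shell
#!/bin/sh
# Added example; sample config lines are constructed, not taken from a real host.
EXPECTED=/proc/sys/net/ipv4/tcp_challenge_ack_limit

# Map a sysctl key to its /proc/sys path. Simplified model (assumption): the
# first separator decides the style; dot-style keys get '.' and '/' swapped,
# slash-style keys are used unchanged.
key_to_path() {
    prefix=${1%%[./]*}
    rest=${1#"$prefix"}
    case $rest in
        /*) printf '/proc/sys/%s\n' "$1" ;;
        *)  printf '/proc/sys/%s\n' "$(printf '%s' "$1" | tr './' '/.')" ;;
    esac
}

# Read sysctl.conf text on stdin and report each challenge-ACK entry.
check_conf() {
    while IFS= read -r line; do
        case $line in
            \#*|\;*) continue ;;
            *tcp_challenge_ack_limit*=*) ;;
            *) continue ;;
        esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        val=$(printf '%s' "${line#*=}" | tr -d ' \t')
        path=$(key_to_path "$key")
        if [ "$path" = "$EXPECTED" ]; then
            echo "OK   $key = $val"
        else
            echo "BAD  $key resolves to $path"
        fi
    done
}

# True for version strings 4.7 and later, the release the thread names as fixed.
# Distro kernels may carry the fix under an older number (not detected here).
kernel_has_fix() {
    major=${1%%.*}; tail=${1#*.}; minor=${tail%%[!0-9]*}
    [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "${minor:-0}" -ge 7 ]; }
}

SAMPLE='# constructed sample: the three spellings seen in the thread
/net.ipv4/tcp_challenge_ack_limit = 999999999
net.ipv4.tcp_challenge_ack_limit = 99999999
net/ipv4/tcp_challenge_ack_limit = 99999999'

printf '%s\n' "$SAMPLE" | check_conf
kernel_has_fix "$(uname -r)" && echo "kernel is 4.7 or later" || echo "kernel older than 4.7"
```

To check a real file, feed it on stdin: `check_conf < /etc/sysctl.conf`.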