I see I misread the instructions - the 'challenge_ack' line should be ADDED to sysctl.conf.

f.

On Wed, 10 Aug 2016, Felmon Davis wrote:

> Greets!
>
> what must we who are using trinity do to avoid the tcp exploit?
>
> I found the following instructions from L. Weinstein's privacy mail list but
> they don't correspond to anything in my sysctl.conf.
>
> Felmon
>
> ----- quote -----
>
> Workaround for serious TCP exploit previously discussed
>
> https://plus.google.com/+LaurenWeinstein/posts/gWSj2sYExoB
>
> Here is the recommended workaround for Linux/Android clients/servers
> for the serious TCP exploit discussed in:
>
> https://threatpost.com/serious-tcp-bug-in-linux-systems-allows-traffic-hijacking/119804/
>
> This one will work for Ubuntu as is, and for various other Linux
> distributions with suitable modifications. The point is to bump the
> ACK limit way up. Note that some of the pages announcing this exploit
> appear to be contaminated with browser hijack "fake technical support"
> warning sites. Beware. Close your browser immediately if you hit one
> if you can, otherwise reboot and don't restore crashed pages.
>
> The workaround for the TCP exploit:
>
> Open /etc/sysctl.conf, append a command:
>
> net.ipv4.tcp_challenge_ack_limit = 999999999
>
> Use "sysctl -p" to update the configuration.
>
> _______________________________________________
> privacy mailing list
> https://lists.vortex.com/mailman/listinfo/privacy
>

--
Felmon Davis

Health nuts are going to feel stupid someday, lying in hospitals dying of nothing.
		-- Redd Foxx
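An added example, not part of the original messages: a shell function that appends the setting when the file has no such line, as was the case in this thread, and rewrites it in place when an entry already exists, so repeated runs leave exactly one entry. The function names are hypothetical; the value is the one quoted in the workaround and the key is written in dotted sysctl form.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Typical use, as root:
#   ensure_challenge_ack_limit /etc/sysctl.conf && sysctl -p
KEY="net.ipv4.tcp_challenge_ack_limit"
# Active (uncommented) entry, dotted or slash-separated spelling.
PATTERN='^[[:space:]]*/?net[./]ipv4[./]tcp_challenge_ack_limit[[:space:]]*='

# ensure_challenge_ack_limit FILE [VALUE]
ensure_challenge_ack_limit() {
    conf=$1
    value=${2:-999999999}   # default: the value from the quoted workaround
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    case $value in
        ''|*[!0-9]*) echo "value must be numeric" >&2; return 2 ;;
    esac

    if grep -Eq "$PATTERN" "$conf"; then
        # Entry exists: normalise it instead of appending a duplicate.
        tmp=$(mktemp) || return 1
        # cat back into place so the file keeps its owner and mode.
        sed -E "s|${PATTERN}.*|${KEY} = ${value}|" "$conf" > "$tmp" \
            && cat "$tmp" > "$conf"
        rc=$?
        rm -f "$tmp"
        return $rc
    fi

    # No entry yet: append. If the last byte is not a newline, add one
    # first so the new setting does not get glued onto the previous line.
    if [ -n "$(tail -c 1 "$conf")" ]; then
        echo >> "$conf"
    fi
    printf '%s = %s\n' "$KEY" "$value" >> "$conf"
}

# current_setting FILE: print the last active value configured in FILE.
current_setting() {
    sed -nE "s|${PATTERN}[[:space:]]*([0-9]+).*|\1|p" "$1" | tail -n 1
}
```

After `sysctl -p`, `sysctl net.ipv4.tcp_challenge_ack_limit` shows the value the running kernel is using.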