trinity-users@lists.pearsoncomputing.net


Re: (OT kinda) Newly-discovered TCP flaw

From: Gene Heskett <gheskett@...>
Date: Thu, 11 Aug 2016 15:06:26 -0400

On Thursday 11 August 2016 15:44:24 Doug wrote:

> On 08/11/2016 12:50 PM, Gene Heskett wrote:
> > On Thursday 11 August 2016 12:47:09 Nicolas George wrote:
> > CC:ing emc-developers, and trinity-users who may not yet be aware of
> > this tcp attack vector that's quite dangerous. And my post to
> > trinity-users was in error, so this corrects it.
> >
> >> Le quintidi 25 thermidor, an CCXXIV, Gene Heskett a écrit :
> >>> to add should be changed to forward slashes:
> >>
> >> You are wrong, sysctl supports both slashes and dots as separators.
> >>
> >> Regards,
> >
> > I changed it back Nicolas, and sysctl -p now returns:
> > root@coyote:/etc/init.d# sysctl -p
> > sysctl: cannot stat /proc/sys//net.ipv4.tcp_challenge_ack_limit: No
> > such file or directory
> >
> > Put the slashes back and I get this:
> > root@coyote:/etc/init.d# sysctl -p
> > .net.ipv4.tcp_challenge_ack_limit = 999999999
> >
> > Which I assume is the correct response.  And yet the echo shows all
> > dots.
> >
> > WTH?  Ahh, my bad, no damned biscuit, an extra leading slash snuck
> > in. But if a dot and a slash are the same to sysctl, I should have a
> > file in the wrong place? But I do not. /net is empty. It is in the
> > right place now. And cats the correct value.
> >
> > Sorry about the confusion everybody.
> >
> > Cheers, Gene Heskett
>
> Running PCLOS. I put in the original command with dots. When I run
> sysctl.p from a root environment I get no response, but no error
> either. Don't know the significance of that.
>
> --doug

Neither do I, Doug, sorry. See the announcement on /. today & read the
link to the post from the guys that found it that is in the story,
UCsomething IIRC, see below. A closer read may answer it.

<https://ucrtoday.ucr.edu/39030>

And please keep things like this on the list you read it from. A PM is 
unfair to the other readers of the list you read it on, so I'll cc the 
three lists it was cross posted to as it sounds pretty serious to me.

And I just noted that the sysctl command you quoted above is incorrect,
it's sysctl -p, not sysctl.p.

Maybe that helps?


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
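
Added example, not part of the original message or of sysctl's own code: a shell model of how a sysctl key maps to a /proc/sys path, plus a lint for sysctl.conf-style lines that flags the stray leading separator described in the thread. It assumes the first separator in a key decides whether the key is read as dotted or slashed, which is consistent with the two outputs quoted above; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: models the key-to-path mapping discussed in the thread.
# Assumption: the first separator in a key decides its form (dotted or slashed).

# Print the /proc/sys path a key resolves to under that assumption.
sysctl_key_to_path() {
    key=$1
    first=$(printf '%s' "$key" | sed -n 's/^[^./]*\([./]\).*/\1/p')
    if [ "$first" = "." ]; then
        # Dotted form: dots become path separators, slashes become literal dots.
        key=$(printf '%s' "$key" | tr './' '/.')
    fi
    printf '/proc/sys/%s\n' "$key"
}

# Read sysctl.conf-style lines on stdin and report keys that will not resolve.
lint_sysctl_conf() {
    while IFS= read -r line; do
        line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//')
        case $line in
            ''|'#'*|';'*) continue ;;
        esac
        key=$(printf '%s' "${line%%=*}" | sed 's/[[:space:]]*$//')
        case $key in
            [./]*)
                printf 'leading separator: %s -> %s\n' \
                    "$key" "$(sysctl_key_to_path "$key")" ;;
            *[./][./]*)
                printf 'repeated separator: %s\n' "$key" ;;
        esac
    done
}

# Constructed sample input (not a real host's configuration).
sample_conf() {
    cat <<'EOF'
# constructed sysctl.conf fragment
net.ipv4.tcp_challenge_ack_limit = 999999999
/net.ipv4.tcp_challenge_ack_limit = 999999999
net/ipv4/tcp_challenge_ack_limit = 999999999
EOF
}

sample_conf | lint_sysctl_conf
```

Only the second sample line is reported; the all-dots and all-slashes spellings resolve to the same path, so a hardening setting written either way is applied.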