Message: previous - next
Month: August 2016

Workaround for serious TCP exploit

From: Felmon Davis <davisf@...>
Date: Wed, 10 Aug 2016 18:02:20 -0400 (EDT)

what must we who are using trinity do to avoid the tcp exploit?

I found the following instructions from L. Weinstein's privacy mail 
list but they don't corrrespond to anything in my sysctl.conf.


----- quote -----

Workaround for serious TCP exploit previously discussed

Here is the recommended workaround for Linux/Android clients/servers
for the serious TCP exploit discussed in:

This one will work for Ubuntu as is, and for various other Linux
distributions with suitable modifications. The point is to bump the
ACK limit way up. Note that some of the pages announcing this exploit
appear to be contaminated with browser hijack "fake technical support"
warning sites. Beware. Close your browser immediately if you hit one
if you can, otherwise reboot and don't restore crashed pages.

     The workaround for the TCP exploit:

         Open /etc/sysctl.conf, append a command:

            /net.ipv4/tcp_challenge_ack_limit = 999999999

         Use "sysctl -p" to update the configuration.

privacy mailing list