trinity-users@lists.pearsoncomputing.net

Re: Workaround for serious TCP exploit [correction]

From: Felmon Davis <davisf@...>
Date: Wed, 10 Aug 2016 18:06:09 -0400 (EDT)

I see I misread the instructions - the 'challenge_ack' line should be 
ADDED to sysctl.conf.

f.

On Wed, 10 Aug 2016, Felmon Davis wrote:

> Greets!
>
> what must we who are using trinity do to avoid the tcp exploit?
>
> I found the following instructions from L. Weinstein's privacy mail list but 
> they don't correspond to anything in my sysctl.conf.
>
> Felmon
>
> ----- quote -----
>
> Workaround for serious TCP exploit previously discussed
>
> https://plus.google.com/+LaurenWeinstein/posts/gWSj2sYExoB
>
> Here is the recommended workaround for Linux/Android clients/servers
> for the serious TCP exploit discussed in:
>
> https://threatpost.com/serious-tcp-bug-in-linux-systems-allows-traffic-hijacking/119804/
>
> This one will work for Ubuntu as is, and for various other Linux
> distributions with suitable modifications. The point is to bump the
> ACK limit way up. Note that some of the pages announcing this exploit
> appear to be contaminated with browser hijack "fake technical support"
> warning sites. Beware. Close your browser immediately if you hit one
> if you can, otherwise reboot and don't restore crashed pages.
>
>    The workaround for the TCP exploit:
>
>        Open /etc/sysctl.conf, append a command:
>
>           net.ipv4.tcp_challenge_ack_limit = 999999999
>
>        Use "sysctl -p" to update the configuration.
>
> _______________________________________________
> privacy mailing list
> https://lists.vortex.com/mailman/listinfo/privacy
>

-- 
Felmon Davis

Health nuts are going to feel stupid someday, lying in hospitals dying
of nothing.
 		-- Redd Foxx
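
Added example, not part of the original messages: one way to apply the quoted workaround idempotently, so that re-running it neither duplicates the line nor leaves an older active value in place. The function names are hypothetical; the key and value are the ones given in the quoted instructions.

```shell
#!/bin/sh
# Added example: set the challenge-ACK limit in a sysctl.conf-style file.
KEY="net.ipv4.tcp_challenge_ack_limit"
VALUE="999999999"   # value from the quoted workaround

# ensure_ack_limit FILE (hypothetical helper):
# drop any active assignment of KEY, then append the wanted one.
ensure_ack_limit() {
    conf="$1"
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    tmp="$(mktemp)" || return 1
    # Commented-out lines and all other settings are kept unchanged.
    awk -v key="$KEY" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key) == 1 && substr(line, length(key) + 1) ~ /^[ \t]*=/ { next }
        { print }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s = %s\n' "$KEY" "$VALUE" >> "$tmp"
    cat "$tmp" > "$conf"   # write in place so owner and mode are preserved
    rm -f "$tmp"
}

# configured_ack_limit FILE (hypothetical helper):
# print the value FILE sets for KEY; the last active assignment wins.
configured_ack_limit() {
    awk -F= -v key="$KEY" '
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; gsub(/[ \t]/, "", v); val = v }
        END { if (val != "") print val }
    ' "$1"
}

# Typical use, as root:
#   ensure_ack_limit /etc/sysctl.conf && sysctl -p
# Confirm the running value afterwards:
#   cat /proc/sys/net/ipv4/tcp_challenge_ack_limit
```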