* Salvatore Bonaccorso <carnil@debian.org>, 2016-08-12, 17:35:
mitigation could be used as per https://lwn.net/Articles/696868/ .
This is behind paywall at the moment. The relevant part appears to be:
there is a mitigation available in the form of the tcp_challenge_ack_limit sysctl knob. Setting that value to something enormous (e.g. 999999999) will make it much harder for attackers to exploit the flaw.
-- Jakub Wilk