Re: (OT kinda) Newly-discovered TCP flaw
Joe wrote:
> On Thu, 11 Aug 2016 20:31:37 +0100
> Lisi Reisz <lisi.reisz@gmail.com> wrote:
>
>
>>
>> I copied and pasted the commands exactly, and ran them as root, and
>> got an echo of net.ipv4.tcp_challenge_ack_limit = 999999999 in
>> response to the first and a blank return in response to the second.
>> I don't know the significance.
>>
>
> Go and read /proc/net/ipv4... and it should show the changed value.
>
> I believe the echo means it worked. I also believe it needs to be added
> to /etc/sysctl.conf (without the 'sysctl -p') to be redone on boot. It
> seems to affect every current Debian up to sid.
I don't see it in the /proc tree (kernel 4.6.4 on jessie)
# ls -1 /proc/net/ip*
/proc/net/ip6_flowlabel
/proc/net/ip_tables_matches
/proc/net/ip_tables_names
/proc/net/ip_tables_targets
/proc/net/ipv6_route
and on the firewall (2.6.26.2 wheezy)
sysctl -w net.ipv4.tcp_challenge_ack_limit=999999999
sysctl: cannot stat /proc/sys/net/ipv4/tcp_challenge_ack_limit: No such file
or directory
I don't understand if it is bad.
on the file server (kernel 3.2.0 jessie)
cat /proc/sys/net/ipv4/tcp_challenge_ack_limit
999999999
interesting ...
Do you have recommendations?
regards
Reply to: