Re: (OT kinda) Newly-discovered TCP flaw

To: debian-user@lists.debian.org
Subject: Re: (OT kinda) Newly-discovered TCP flaw
From: Gene Heskett <gheskett@shentel.net>
Date: Thu, 11 Aug 2016 12:16:30 -0400
Message-id: <[🔎] 201608111216.30257.gheskett@shentel.net>
In-reply-to: <[🔎] slrnnqp80d.67r.curty@einstein.electron.org>
References: <[🔎] slrnnqp80d.67r.curty@einstein.electron.org>

On Thursday 11 August 2016 11:55:56 Curt wrote:

> http://www.pcworld.com/article/3106180/security/use-the-internet-this-
>linux-flaw-could-open-you-up-to-attack.html?google_editors_picks=true
>
> Calling all experts: cause for concern?

I do not know if wheezy is/can be affected, however the fix promulgated 
by the link to the UCR announcement is wrong, at least for my wheezy 
install, in that when I investigated my machine, the dots in that 
string:

net.ipv4.tcp_challenge_ack_limit = 999999999

to add should be changed to forward slashes:

net/ipv4/tcp_challenge_ack_limit = 999999999

as that is the directory structure on this wheezy based machine, and then 
the following update command:

sysctl -p

works w/o error.  All done as root of course.

No clue if the fix works, I haven't been attacked that I am aware of.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>

Reply to:

Follow-Ups:
- Re: (OT kinda) Newly-discovered TCP flaw
  - From: Dan Ritter <dsr@randomstring.org>
- Re: (OT kinda) Newly-discovered TCP flaw
  - From: Nicolas George <george@nsup.org>

References:
- (OT kinda) Newly-discovered TCP flaw
  - From: Curt <curty@free.fr>

Prev by Date: Re: (OT kinda) Newly-discovered TCP flaw
Next by Date: Re: Debian server for backups of Windows clients
Previous by thread: Re: (OT kinda) Newly-discovered TCP flaw
Next by thread: Re: (OT kinda) Newly-discovered TCP flaw
Index(es):
- Date
- Thread