I see I misread the instructions - the 'challenge_ack' line should be
ADDED to sysctl.conf.
f.
On Wed, 10 Aug 2016, Felmon Davis wrote:
Greets!
what must we who are using trinity do to avoid the tcp exploit?
I found the following instructions from L. Weinstein's privacy mail list but
they don't corrrespond to anything in my sysctl.conf.
Felmon
----- quote -----
Workaround for serious TCP exploit previously discussed
https://plus.google.com/+LaurenWeinstein/posts/gWSj2sYExoB
Here is the recommended workaround for Linux/Android clients/servers
for the serious TCP exploit discussed in:
https://threatpost.com/serious-tcp-bug-in-linux-systems-allows-traffic-hijacking/119804/
This one will work for Ubuntu as is, and for various other Linux
distributions with suitable modifications. The point is to bump the
ACK limit way up. Note that some of the pages announcing this exploit
appear to be contaminated with browser hijack "fake technical support"
warning sites. Beware. Close your browser immediately if you hit one
if you can, otherwise reboot and don't restore crashed pages.
The workaround for the TCP exploit:
Open /etc/sysctl.conf, append a command:
/net.ipv4/tcp_challenge_ack_limit = 999999999
Use "sysctl -p" to update the configuration.
_______________________________________________
privacy mailing list
https://lists.vortex.com/mailman/listinfo/privacy
--
Felmon Davis
Health nuts are going to feel stupid someday, lying in hospitals dying
of nothing.
-- Redd Foxx
---------------------------------------------------------------------
To unsubscribe, e-mail: trinity-users-unsubscribe@xxxxxxxxxxxxxxxxxxxxxxxxxx
For additional commands, e-mail: trinity-users-help@xxxxxxxxxxxxxxxxxxxxxxxxxx
Read list messages on the web archive: http://trinity-users.pearsoncomputing.net/
Please remember not to top-post: http://trinity.pearsoncomputing.net/mailing_lists/#top-posting
