Atomicorp

What table in iptables is the mss rule added to? At present, after enabling, I'm not seeing a rule added (restarted the firewall, ran asl -s -f, rebooted the box etc., all the usuals JIC to make sure it was active).

Thanks. The wiki could use an update as it has: === FW_MSS_DROP === Note: This option is available in ASL 4.x and up. This will detect and drop packets that have an invalid MSS. Default: no https://wiki.atomicorp.com/wiki/index.php/ASL_firewall#FW_MSS_DROP versus === FW_MSS_DROP === Note: This optio...

Mike:

Thanks for the explanation. From what I recall the MSS setting defaults to no on a fresh ASL install so many may not have it enabled. Perhaps it should default to yes moving forward?

Are the SACK panic related vulnerabilities an issue with ASL kernels? If not, which versions are immune? If so, when is an update expected?

Thanks!

Great, thanks for the clarification.

For the announcement post about the new machine learning features at: https://forums.atomicorp.com/viewtopic.php?f=8&t=8843 it notes: "You don't need to do anything to take advantage of this feature if you're an ASL or OSSEC customer, this new capability is enabled in these products automat...

FYI, ClamAV 0.101.2 is out:

https://blog.clamav.net/2019/03/clamav- ... -have.html

with security fixes.

Could you please update both the ASL and Atomic repo packages?

Thanks.

FYI, ClamAV 0.101.1 is out:

https://blog.clamav.net/2019/01/clamav- ... eased.html

The release appears to primarily be a patch/bug fix release.

Could you please update both the ASL and Atomic repo packages?

Thanks.

FYI, ClamAV 0.101.0 is out:

https://blog.clamav.net/2018/12/clamav- ... eased.html

The release appears to primarily be a bug fix/feature release.

Could you please update both the ASL and Atomic repo packages?

Thanks.

FYI, ClamAV 0.100.2 is out:

https://blog.clamav.net/2018/10/clamav- ... eased.html

with both bug and security fixes.

Could you please update both the ASL and Atomic repo packages?

Thanks.

Mike:

Thanks for the clarification. I'd previously thought that the mention of the IP limit at Cloudflare was due to the shunned IPs building up over time as they weren't being removed at Cloudflare (making it likely that the overall limit would be reached).

Mike:

Has there been consideration for adding removal code as well? Perhaps a periodic function that would remove IPs that were X days old would help with the issue of the IP buildup over time?

Thanks for getting the updates posted for both the ASL and atomic repos!

Mike:

Thanks. Helpful to know for the boxes that run the ASL kernel (but would still be a concern for boxes that can't run the ASL kernel and for rules only boxes).

FYI, ClamAV 0.100.1 is out:

https://blog.clamav.net/2018/07/clamav- ... eased.html

with security fixes.

Could you please update both the ASL and Atomic repo packages?

Thanks.