store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Sat Aug 24, 2019 8:28 am

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 5 posts ] 
Author Message
 Post subject: Quick note about blind TCP reset/injection attack released
Unread postPosted: Fri Aug 12, 2016 4:59 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 4082
Location: Chantilly, VA
Just wanted to sent out a quick email about an attack against the Linux TCP stack published today that is making a lot of news.

TL;DR if you are using the ASL kernel, you're already protected from this.

Details
----------

http://www.cs.ucr.edu/~zhiyunq/pub/sec1 ... ffpath.pdf
https://lwn.net/SubscriberLink/696868/a511d1b0ea61d0c0/

Unlike other Linux kernels, including the stable and distribution kernels, the ASL kernel is already protected against this. Stable and distributions kernel (as of today, even though new stable kernels were released yesterday by Greg KH) do not have fixes included. All of our kernels have been fixed since July 10th (one month ago) and all fixes backported. This includes not only the basic fix of the increased global challenge ack limit and additional randomness, but also the addition of per-socket challenge ack rate limiting.

For those that arent using the latest ASL kernel, you can do this to address the issue:

echo 999999999 > /proc/sys/net/ipv4/tcp_challenge_ack_limit

Please let us know if you have any questions or concerns, and thank you again for supporting Atomicorp.

_________________
Michael Shinn
Atomicorp - Security For Everyone


Top
 Profile  
Reply with quote  
 Post subject: Re: Quick note about blind TCP reset/injection attack releas
Unread postPosted: Wed Aug 17, 2016 3:07 pm 
Offline
Forum Regular
Forum Regular

Joined: Sat Sep 25, 2010 2:46 pm
Posts: 319
What is the ASL kernel version that is in reference with the fixes? Don't recall any kernel updates coming through in the last month on some of our ASL boxes.

Thanks.


Top
 Profile  
Reply with quote  
 Post subject: Re: Quick note about blind TCP reset/injection attack releas
Unread postPosted: Tue Aug 23, 2016 1:46 pm 
Offline
Forum Regular
Forum Regular

Joined: Sat Sep 25, 2010 2:46 pm
Posts: 319
Any update about the above post? Thanks.


Top
 Profile  
Reply with quote  
 Post subject: Re: Quick note about blind TCP reset/injection attack releas
Unread postPosted: Wed Aug 24, 2016 4:22 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 4082
Location: Chantilly, VA
It was a kpatch to the kernel, applied automatically. No action required by you as long as you were using the ASL kernel.

_________________
Michael Shinn
Atomicorp - Security For Everyone


Top
 Profile  
Reply with quote  
 Post subject: Re: Quick note about blind TCP reset/injection attack releas
Unread postPosted: Wed Aug 24, 2016 5:11 pm 
Offline
Forum Regular
Forum Regular

Joined: Sat Sep 25, 2010 2:46 pm
Posts: 319
Thanks. How does one check to make sure kpatches have been successfully applied to the running ASL kernel?


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group