Quick note about blind TCP reset/injection attack released

Security annoucements of interest to the AtomiCorp community, such as vulnerabilities in third party applications.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Quick note about blind TCP reset/injection attack released

Unread post by mikeshinn »

Just wanted to sent out a quick email about an attack against the Linux TCP stack published today that is making a lot of news.

TL;DR if you are using the ASL kernel, you're already protected from this.

Details
----------

http://www.cs.ucr.edu/~zhiyunq/pub/sec1 ... ffpath.pdf
https://lwn.net/SubscriberLink/696868/a511d1b0ea61d0c0/

Unlike other Linux kernels, including the stable and distribution kernels, the ASL kernel is already protected against this. Stable and distributions kernel (as of today, even though new stable kernels were released yesterday by Greg KH) do not have fixes included. All of our kernels have been fixed since July 10th (one month ago) and all fixes backported. This includes not only the basic fix of the increased global challenge ack limit and additional randomness, but also the addition of per-socket challenge ack rate limiting.

For those that arent using the latest ASL kernel, you can do this to address the issue:

echo 999999999 > /proc/sys/net/ipv4/tcp_challenge_ack_limit

Please let us know if you have any questions or concerns, and thank you again for supporting Atomicorp.
Imaging
Forum Regular
Forum Regular
Posts: 346
Joined: Sat Sep 25, 2010 2:46 pm

Re: Quick note about blind TCP reset/injection attack releas

Unread post by Imaging »

What is the ASL kernel version that is in reference with the fixes? Don't recall any kernel updates coming through in the last month on some of our ASL boxes.

Thanks.
Imaging
Forum Regular
Forum Regular
Posts: 346
Joined: Sat Sep 25, 2010 2:46 pm

Re: Quick note about blind TCP reset/injection attack releas

Unread post by Imaging »

Any update about the above post? Thanks.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Quick note about blind TCP reset/injection attack releas

Unread post by mikeshinn »

It was a kpatch to the kernel, applied automatically. No action required by you as long as you were using the ASL kernel.
Imaging
Forum Regular
Forum Regular
Posts: 346
Joined: Sat Sep 25, 2010 2:46 pm

Re: Quick note about blind TCP reset/injection attack releas

Unread post by Imaging »

Thanks. How does one check to make sure kpatches have been successfully applied to the running ASL kernel?
Post Reply