Oracle Linux ACK counter limit security flaw

Publish date:

Recently a new security flaw has been found in the main TCP/IP networking subsystemens of the Linux operating system. The 3.6 Linux kernel introduced a global challenge ACK counter limit in order to improve tcp’s robustness to blind in-window attacks as specified in RFC 5961. However, an attacker can use this global challenge ACK counter […]

Recently a new security flaw has been found in the main TCP/IP networking subsystemens of the Linux operating system. The 3.6 Linux kernel introduced a global challenge ACK counter limit in order to improve tcp’s robustness to blind in-window attacks as specified in RFC 5961. However, an attacker can use this global challenge ACK counter to infer the sequence and ack number of an off-path tcp connection.

When it comes to security, and especially security of servers and Linux servers one cannot always rely on patching only. People maintaining servers need to have a more thorough understanding of how the system works in the deeper layers.

Someone once stated, more and more people know less and less of computers. This is unfortunately true. This however only applies for a small portion of people maintaining vital Linux servers in enterprise (I hope). This also means that operators who maintain those systems are aware that they cannot only rely on patching and understand that sometimes the quickest way to secure a system again is changing configuration.

In case of this specific security issue you can secure your system again by applying changes to the sysctl config file. For more information on how to fix this security issue you can find the details in this personal blogpost.

 

Related Posts

Cybersecurity

Capgemini’s SOC proves itself within two weeks

jane
Date icon October 16, 2017

Even an organization that’s well protected with the right tools and the right processes in...

Biometric

Biometrics and the Era of Sensing Machines

Sankar Krishnan
Date icon May 15, 2017

In the age of the ubiquitous selfie, it was only a matter of time before the financial...

How-to

Getting the best Oracle API information with Swagger and a pinch of NodeJS

Léon Smiers
Date icon January 11, 2017

This blogpost is about adding the last step in order to get insight in the Oracle PaaS API...

cookies.

By continuing to navigate on this website, you accept the use of cookies.

For more information and to change the setting of cookies on your computer, please read our Privacy Policy.

Close

Close cookie information