Oracle Linux ACK counter limit security flaw


Recently a new security flaw was found in the main TCP/IP networking subsystem of the Linux operating system. The 3.6 Linux kernel introduced a global challenge ACK counter limit to improve TCP's robustness to blind in-window attacks, as specified in RFC 5961. However, an attacker can use this global challenge ACK counter to infer, from an off-path position, the sequence and ACK numbers of a TCP connection.

When it comes to security, and especially the security of Linux servers, one cannot always rely on patching alone. People maintaining servers need a more thorough understanding of how the system works in its deeper layers.

Someone once stated that more and more people know less and less about computers. This is unfortunately true. However, it applies to only a small portion of the people maintaining vital Linux servers in the enterprise (I hope). This also means that the operators who maintain those systems are aware that they cannot rely on patching alone, and understand that sometimes the quickest way to secure a system again is to change its configuration.

In the case of this specific security issue, you can secure your system again by applying changes to the sysctl config file. The details of the fix can be found in this personal blog post.
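
The post does not name the setting, so the following is an added example and not taken from the post or the linked blog: a small audit of sysctl-style config files for the challenge ACK limit. It assumes the relevant key is `net.ipv4.tcp_challenge_ack_limit` (old default 100) and that the workaround is to raise it to a very large value; the threshold `MIN_SAFE` and the function names are choices made for this example.

```shell
#!/bin/sh
# Added example: audit sysctl-style config files for the challenge ACK limit.
# Assumptions (not from the post): the key below is the relevant setting, and
# a value far above the old default of 100 means the workaround is in place.
KEY='net.ipv4.tcp_challenge_ack_limit'
MIN_SAFE=1000000   # assumed threshold, chosen for this example

# Print the last value assigned to KEY across the given files (a later
# assignment overrides an earlier one); print nothing if the key is unset.
configured_limit() {
    cat "$@" 2>/dev/null | awk -F= -v key="$KEY" '
        /^[ \t]*[#;]/ { next }              # skip comment lines
        {
            k = $1; v = $2
            gsub(/[ \t]/, "", k)            # tolerate "key = value"
            gsub(/[ \t]/, "", v)
            if (k == key) last = v
        }
        END { if (last != "") print last }'
}

# Classify the configured value: unset, invalid, weak or raised.
limit_status() {
    val=$(configured_limit "$@")
    case "$val" in
        '')        echo unset ;;
        *[!0-9]*)  echo invalid ;;
        *)
            if [ "$val" -ge "$MIN_SAFE" ]; then
                echo raised
            else
                echo weak
            fi ;;
    esac
}
```

Typical use is `limit_status /etc/sysctl.conf /etc/sysctl.d/*.conf`. The config files only show what will be applied at boot or by `sysctl -p`; the value the running kernel uses is read with `sysctl -n net.ipv4.tcp_challenge_ack_limit`.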
