Re: TCP reset attacks and the linux kernel.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2004-05-12 at 03:31, Naoki wrote:
> Hi 'yall.
> 
> I just read this http://kerneltrap.org/node/view/3072, it details TCP 
> reset (RST or SYN) attacks and has me sufficiently worried
> enough to ask some questions.
> 
> I checked out the list of kernel tunable parameters with "sysctl -a" and 
> found the option to disable window scaling but how do I change the 
> window size from the default 64k to say 16k?
> 
> The next question is how can I set ( if it's not already ) my TCP stack 
> to randomize source ports?
> 
> 
> 
> What does the Fedora community have to say in response to this 
> potentially large problem?
> 
> Cheers!

I briefly scanned this article and this attack is known as a "man in the
middle" attack. From what I understand, this would require;

1) The attacker/cracker have direct access or have a zombie, be directly
connected,  to either the same subnet of either the sender or receiver.
In any case the attacker/cracker would have to, somehow, be aware of the
connection.

2) Long term and repetitive (S.A. a data link) connections are more
vulnerable to this attack.

3) Remember most compromises come from internal sources such as
downloaded trojans, worms, etc.
-- 
jludwig <wralphie@xxxxxxxxxxx>



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux