On Wed, 2004-05-12 at 03:31, Naoki wrote: > Hi 'yall. > > I just read this http://kerneltrap.org/node/view/3072, it details TCP > reset (RST or SYN) attacks and has me sufficiently worried > enough to ask some questions. > > I checked out the list of kernel tunable parameters with "sysctl -a" and > found the option to disable window scaling but how do I change the > window size from the default 64k to say 16k? > > The next question is how can I set ( if it's not already ) my TCP stack > to randomize source ports? > > > > What does the Fedora community have to say in response to this > potentially large problem? > > Cheers! I briefly scanned this article and this attack is known as a "man in the middle" attack. From what I understand, this would require; 1) The attacker/cracker have direct access or have a zombie, be directly connected, to either the same subnet of either the sender or receiver. In any case the attacker/cracker would have to, somehow, be aware of the connection. 2) Long term and repetitive (S.A. a data link) connections are more vulnerable to this attack. 3) Remember most compromises come from internal sources such as downloaded trojans, worms, etc. -- jludwig <wralphie@xxxxxxxxxxx>
