TCP reset attacks and the linux kernel.

jludwig wralphie at
Wed May 12 13:56:54 UTC 2004

On Wed, 2004-05-12 at 03:31, Naoki wrote:
> Hi 'yall.
> I just read this, it details TCP 
> reset (RST or SYN) attacks and has me sufficiently worried
> enough to ask some questions.
> I checked out the list of kernel tunable parameters with "sysctl -a" and 
> found the option to disable window scaling but how do I change the 
> window size from the default 64k to say 16k?
> The next question is how can I set ( if it's not already ) my TCP stack 
> to randomize source ports?
> What does the Fedora community have to say in response to this 
> potentially large problem?
> Cheers!

I briefly scanned this article and this attack is known as a "man in the
middle" attack. From what I understand, this would require;

1) The attacker/cracker have direct access or have a zombie, be directly
connected,  to either the same subnet of either the sender or receiver.
In any case the attacker/cracker would have to, somehow, be aware of the

2) Long term and repetitive (S.A. a data link) connections are more
vulnerable to this attack.

3) Remember most compromises come from internal sources such as
downloaded trojans, worms, etc.
jludwig <wralphie at>

More information about the fedora-list mailing list