TCP reset attacks and the linux kernel.
jludwig
wralphie at comcast.net
Wed May 12 13:56:54 UTC 2004
On Wed, 2004-05-12 at 03:31, Naoki wrote:
> Hi 'yall.
>
> I just read this http://kerneltrap.org/node/view/3072, it details TCP
> reset (RST or SYN) attacks and has me sufficiently worried
> enough to ask some questions.
>
> I checked out the list of kernel tunable parameters with "sysctl -a" and
> found the option to disable window scaling but how do I change the
> window size from the default 64k to say 16k?
>
> The next question is how can I set ( if it's not already ) my TCP stack
> to randomize source ports?
>
> What does the Fedora community have to say in response to this
> potentially large problem?
>
> Cheers!

I briefly scanned this article and this attack is known as a "man in the
middle" attack. From what I understand, this would require:

1) The attacker/cracker to have direct access, or to have a zombie that is
directly connected, to the same subnet as either the sender or the receiver.
In any case the attacker/cracker would have to, somehow, be aware of the
connection.
2) Long-term and repetitive (such as a data link) connections are more
vulnerable to this attack.
3) Remember, most compromises come from internal sources such as
downloaded trojans, worms, etc.

--
jludwig <wralphie at comcast.net>
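
The question in this thread weighs two settings, the receive window size and the predictability of source ports. As an added example (not part of the original thread), this script estimates how many spoofed segments it takes to cover the sequence space under each setting; the function names, the acceptance model stated in the comments, the 65535 and 16384 window values (standing in for the "64k" and "16k" of the question) and the fallback port range are assumptions.

```shell
#!/bin/sh
# Added example: size of the blind-reset search space for one TCP connection.
# Model (assumption): a spoofed RST is accepted when its sequence number lands
# anywhere inside the receiver's window, so covering the 32-bit sequence space
# takes 2^32 / window segments for every candidate source port.

# rst_search_space WINDOW_BYTES PORT_LOW PORT_HIGH -> segments needed (stdout)
rst_search_space() {
    window=$1; lo=$2; hi=$3
    if [ "$window" -le 0 ] || [ "$hi" -lt "$lo" ]; then
        echo "invalid input" >&2
        return 1
    fi
    # Ceiling division: a partially covered window still costs one segment.
    per_port=$(( (4294967296 + window - 1) / window ))
    echo $(( per_port * (hi - lo + 1) ))
}

# local_port_range -> "LOW HIGH" as configured in the running kernel
local_port_range() {
    f=/proc/sys/net/ipv4/ip_local_port_range
    if [ -r "$f" ]; then
        tr -s '\t ' ' ' < "$f"
    else
        echo "32768 61000"   # constructed fallback for systems without /proc
    fi
}

# Compare the two window sizes, with the source port known versus
# chosen unpredictably from the whole local range.
report() {
    set -- $(local_port_range)
    for w in 65535 16384; do
        echo "window=$w port known:       $(rst_search_space "$w" "$1" "$1")"
        echo "window=$w port unpredictable: $(rst_search_space "$w" "$1" "$2")"
    done
}

report
```

A smaller window raises the per-port cost by the ratio of the window sizes, while an unpredictable source port multiplies it by the width of the local port range.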