If you are running Linux kernel 3.6 or newer, anyone in the world on a network that allows IP spoofing can hijack your encrypted communications in less than a minute, with a success rate of 90%.
Here is how to fix it.
Step 1. Open /etc/sysctl.conf in an editor.
Step 2. Add the line:
net.ipv4.tcp_challenge_ack_limit = 999999999
and save the file.
Step 3. At the prompt, run the following shell command as root:
sysctl -p
This reloads /etc/sysctl.conf and applies the new setting to the running kernel.
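The three steps above as a repeatable script (an added example, not part of the original post; the function names `set_ack_limit` and `configured_value` are hypothetical). It removes any existing assignment of the key before writing the new one, so an older, lower value elsewhere in the file cannot override it, and then checks that the running kernel reports the new value.

```shell
#!/bin/sh
# Added example: idempotent form of Steps 1-3. Run as root with --apply.
KEY="net.ipv4.tcp_challenge_ack_limit"
VALUE="999999999"   # value given in Step 2

# Rewrite file $1 so it holds exactly one active "KEY = VALUE" line.
# Commented-out lines and all other settings are left untouched.
set_ack_limit() {
    conf="$1"
    tmp="$(mktemp)" || return 1
    [ -f "$conf" ] || : > "$conf"
    # Drop every active assignment of KEY, whatever its spacing or value.
    grep -Ev '^[[:space:]]*net\.ipv4\.tcp_challenge_ack_limit[[:space:]]*=' \
        "$conf" > "$tmp" || true
    printf '%s = %s\n' "$KEY" "$VALUE" >> "$tmp"
    # cat into place so the file keeps its owner and permissions.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Print the value file $1 assigns to KEY (empty if it assigns none).
configured_value() {
    sed -n 's/^[[:space:]]*net\.ipv4\.tcp_challenge_ack_limit[[:space:]]*=[[:space:]]*//p' \
        "$1" | tail -n 1
}

if [ "${1:-}" = "--apply" ]; then
    set_ack_limit /etc/sysctl.conf
    sysctl -p
    # Confirm the running kernel picked the setting up.
    if [ "$(sysctl -n "$KEY")" = "$VALUE" ]; then
        echo "$KEY is now $VALUE"
    else
        echo "$KEY was not applied" >&2
        exit 1
    fi
fi
```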
Sources:
http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf