Cloud Insidr

Cybersecurity in the Age of the Machine

Join us on Twitter: @CloudInsidr

Home news alerts A fatal flaw in TCP on Linux hijacks HTTPS connections. Here is the fix
A fatal flaw in TCP on Linux hijacks HTTPS connections. Here is the fix

Leave a Comment

A fatal flaw in TCP on Linux hijacks HTTPS connections. Here is the fix

If you are running Linux kernel 3.6 or newer, anyone in the world on a network that allows IP spoofing can hijack your encrypted communications in less than a minute, with a success rate of 90%.

Here is how to fix it.

Step 1. Open /etc/sysctl.conf in an editor.

Step 2. Add the line:

net.ipv4.tcp_challenge_ack_limit = 999999999

and save the file.

Step 3. At the prompt, use the shell command:

sysctl -p

This will update your configuration.

The TCP flaw: here's the fix
The TCP flaw: here’s the fix

Sources:

http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf

Leave a Reply

Your email address will not be published. Required fields are marked *