Cloud Insidr

Cybersecurity in the Age of the Machine

A fatal flaw in TCP on Linux hijacks HTTPS connections. Here is the fix

Cloud Insidr 2016-08-12

If you are running Linux kernel 3.6 or newer, anyone in the world on a network that allows IP spoofing can hijack your encrypted communications in less than a minute, with a success rate of 90%.

Here is how to fix it.

Step 1. Open /etc/sysctl.conf in an editor.

Step 2. Add the line:

net.ipv4.tcp_challenge_ack_limit = 999999999

and save the file.

Step 3. At the prompt, use the shell command:

sysctl -p

This will update your configuration.
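
One way to script Steps 1 to 3 so they can be re-run safely, as an added example that is not part of the original article. It assumes a POSIX shell with awk and mktemp; the function names are hypothetical. Stale uncommented entries for the key are removed so that no other line in the file can override the new value.

```shell
#!/bin/sh
# Added example (not from the article): apply Steps 1-3 idempotently and verify.
KEY="net.ipv4.tcp_challenge_ack_limit"
VALUE="999999999"   # value given in Step 2

# effective_value FILE: print the value FILE would set for KEY.
# Entries are applied in order, so the last uncommented one wins.
effective_value() {
    awk -F= -v key="$KEY" '
        /^[ \t]*[#;]/ { next }
        { k = $1; gsub(/[ \t]/, "", k)
          if (k == key) { v = $2; gsub(/[ \t]/, "", v); last = v; seen = 1 } }
        END { if (seen) print last }
    ' "$1"
}

# apply_fix FILE: leave FILE alone if it already yields VALUE; otherwise drop
# stale uncommented KEY entries and append the line from Step 2.
apply_fix() {
    file="$1"
    [ -f "$file" ] || : > "$file"
    if [ "$(effective_value "$file")" = "$VALUE" ]; then
        return 0
    fi
    tmp="$(mktemp)" || return 1
    awk -F= -v key="$KEY" '
        /^[ \t]*[#;]/ { print; next }
        { k = $1; gsub(/[ \t]/, "", k); if (k != key) print }
    ' "$file" > "$tmp"
    printf '%s = %s\n' "$KEY" "$VALUE" >> "$tmp"
    cat "$tmp" > "$file"   # overwrite in place: keeps owner, mode, SELinux label
    rm -f "$tmp"
}

# running_matches [PROC_FILE]: succeed if the live kernel value equals VALUE.
running_matches() {
    proc="${1:-/proc/sys/net/ipv4/tcp_challenge_ack_limit}"
    [ -r "$proc" ] && [ "$(cat "$proc")" = "$VALUE" ]
}

# Usage (as root): sh this_script /etc/sysctl.conf
if [ -n "${1:-}" ]; then
    apply_fix "$1" && sysctl -p "$1" >/dev/null && running_matches \
        && echo "$KEY is $VALUE in $1 and in the running kernel"
fi
```

Run without arguments, the script changes nothing. The final check reads the live value from /proc, so it confirms that `sysctl -p` took effect and not only that the file was edited.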

Sources:

http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf