科技回声

9 条评论

espes将近 9 年前

demostration: <a href="https://www.youtube.com/watch?v=S4Ns5wla9DY" rel="nofollow">https://www.youtube.com/watch?v=S4Ns5wla9DY</a>paper: <a href="https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_cao.pdf" rel="nofollow">https://www.usenix.org/system/files/conference/usenixsecurit...</a>

grymoire1将近 9 年前

Apparently this command fixes the problem:echo 'net.ipv4.tcp_challenge_ack_limit = 999999999' >>/etc/sysctl.conf;sysctl -pI got this from <a href="http://www.isssource.com/fixing-an-internet-security-threat/" rel="nofollow">http://www.isssource.com/fixing-an-internet-security-threat/</a> but they had a typo

zx2c4将近 9 年前

Here's the commit for fixing this: <a href="https://git.zx2c4.com/linux/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758" rel="nofollow">https://git.zx2c4.com/linux/commit/?id=75ff39ccc1bd5d3c455b6...</a>

0x0将近 9 年前

Currently listed as vulnerable and unfixed in Debian: <a href="https://security-tracker.debian.org/tracker/CVE-2016-5696" rel="nofollow">https://security-tracker.debian.org/tracker/CVE-2016-5696</a>

caf将近 9 年前

What's interesting is that this is a protocol bug, not an implementation/software bug (in RFC 5961).It is intriguing to realize that the three information leakages are enabled by the three (and only three) conditions that trigger challenge ACKs...Indeed. It almost looks like an intentional back door.

评论 #12262130 未加载

attilagyorffy将近 9 年前

I've found this on isssource and am surprised that it has not spread like wildfire. If the claims are true then this is an issue that should be taken seriously. Posting here for discussion.

评论 #12260616 未加载

评论 #12260760 未加载

评论 #12262278 未加载

api将近 9 年前

Probably affects Android too since it uses the Linux kernel.Personally I consider this to be a mild to moderate vulnerability since under no circumstances should you ever trust a non-encrypted non-authenticated channel to be safe. TCP offers in-order delivery and decent integrity checking but otherwise offers absolutely no security guarantees at all. From a crypto point of view an authentication method like TCP sequence numbers should be considered "not even there."

评论 #12270881 未加载

p4bl0将近 9 年前

This strongly reminds me that Silence on the wire by Michal Zalewski, really is an excellent read.

dozzie将近 9 年前

Wasn't it fixed long, long ago? As I remember, kernel developers were fixing TCP sequence numbers at some point.

评论 #12260598 未加载

评论 #12260442 未加载

9 条评论

espes将近 9 年前

grymoire1将近 9 年前

zx2c4将近 9 年前

0x0将近 9 年前

Currently listed as vulnerable and unfixed in Debian: <a href="https://security-tracker.debian.org/tracker/CVE-2016-5696" rel="nofollow">https://security-tracker.debian.org/tracker/CVE-2016-5696</a>

caf将近 9 年前

评论 #12262130 未加载

attilagyorffy将近 9 年前

I've found this on isssource and am surprised that it has not spread like wildfire. If the claims are true then this is an issue that should be taken seriously. Posting here for discussion.

评论 #12260616 未加载

评论 #12260760 未加载

评论 #12262278 未加载

api将近 9 年前

评论 #12270881 未加载

p4bl0将近 9 年前

This strongly reminds me that Silence on the wire by Michal Zalewski, really is an excellent read.

dozzie将近 9 年前

Wasn't it fixed long, long ago? As I remember, kernel developers were fixing TCP sequence numbers at some point.

评论 #12260598 未加载

评论 #12260442 未加载

A TCP weakness in Linux systems allows network traffic hijack

9 条评论

A TCP weakness in Linux systems allows network traffic hijack

9 条评论