November 2024
M T W T F S S
 123
45678910
11121314151617
18192021222324
252627282930  

Categories

November 2024
M T W T F S S
 123
45678910
11121314151617
18192021222324
252627282930  

A fatal flaw in TCP on Linux hijacks HTTPS connections. Here is the fix

A fatal flaw in TCP on Linux hijacks HTTPS connections. Here is the fix

If you are running Linux kernel 3.6 or newer, anyone in the world on a network that allows IP spoofing can hijack your encrypted communications in less than a minute, with a success rate of 90%.

Here is how to fix it.

Step 1. Open /etc/sysctl.conf in an editor.

Step 2. Add the line:

net.ipv4.tcp_challenge_ack_limit = 999999999

and save the file.

Step 3. At the prompt, use the shell command:

sysctl -p

This will update your configuration.

 

TCP_flaw-760x360

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>