Patrick Schleizer 2017-02-19 22:37:10 +00:00
parent dfe8a569b6
commit 0228e87d47
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48

debian/control vendored

@ -23,7 +23,7 @@ Description: enhances misc security settings
deactivates TCP timestamps;
deactivates Netfilter's connection tracking helper;
.
TCP time stamps (rfc 1323) allow for tracking clock
TCP time stamps (RFC 1323) allow for tracking clock
information with millisecond resolution. This may or may not allow an
attacker to learn information about the system clock at such
a resolution, depending on various issues such as network lag.
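Review bot: the changed line still writes "TCP time stamps" while the summary line above it in the same description says "deactivates TCP timestamps;", so the spelling is inconsistent within one field; since this line is being touched anyway, use "TCP timestamps" in both places. RFC 1323 has also been obsoleted by RFC 7323, so the reference could be updated in the same edit.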
@ -43,7 +43,7 @@ Description: enhances misc security settings
.
* the TCP protection against wrapped sequence numbers; however, to
trigger a wrap, one needs to send roughly 2^32 packets in one
minute: as said in rfc 1700, "The current recommended default
minute: as said in RFC 1700, "The current recommended default
time to live (TTL) for the Internet Protocol (IP) [45,105] is 64".
So, this probably won't be a practical problem in the context
of Anonymity Distributions.
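Review bot: the sentence on the changed line goes from "2^32 packets in one minute" straight to a quotation about a default TTL of 64 without saying how the TTL gives the one-minute window, and capitalising "RFC" does not fix that. If the intended reading is that the TTL bounds a segment's lifetime to roughly 64 seconds, add a short clause that says so, so the conclusion on the next line ("this probably won't be a practical problem") follows from something stated in the text.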
@ -55,7 +55,7 @@ Description: enhances misc security settings
.
Netfilter's connection tracking helper module increases kernel attack
surface by enabling superfluous functionality such as IRC parsing in
the kernel (!)
the kernel. (!)
.
Hence, this package disables this feature by shipping the
/etc/sysctl.d/nf_conntrack_helper.conf configuration file.
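Review bot: in the changed line "the kernel. (!)" the period now ends the sentence before the parenthetical, which leaves "(!)" as a stray fragment on its own. Either put the period after it, as in "the kernel (!).", or drop the "(!)". Separately, the closing paragraph names the shipped file but not the setting it changes; stating the sysctl key there would let a reader verify the effect without opening the file.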