mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-24 12:39:24 -05:00
minor
This commit is contained in:
parent
dfe8a569b6
commit
0228e87d47
6
debian/control
vendored
6
debian/control
vendored
@ -23,7 +23,7 @@ Description: enhances misc security settings
|
||||
deactivates TCP timestamps;
|
||||
deactivates Netfilter's connection tracking helper;
|
||||
.
|
||||
TCP time stamps (rfc 1323) allow for tracking clock
|
||||
TCP time stamps (RFC 1323) allow for tracking clock
|
||||
information with millisecond resolution. This may or may not allow an
|
||||
attacker to learn information about the system clock at such
|
||||
a resolution, depending on various issues such as network lag.
|
||||
@ -43,7 +43,7 @@ Description: enhances misc security settings
|
||||
.
|
||||
* the TCP protection against wrapped sequence numbers; however, to
|
||||
trigger a wrap, one needs to send roughly 2^32 packets in one
|
||||
minute: as said in rfc 1700, "The current recommended default
|
||||
minute: as said in RFC 1700, "The current recommended default
|
||||
time to live (TTL) for the Internet Protocol (IP) [45,105] is 64".
|
||||
So, this probably won't be a practical problem in the context
|
||||
of Anonymity Distributions.
|
||||
@ -55,7 +55,7 @@ Description: enhances misc security settings
|
||||
.
|
||||
Netfilter's connection tracking helper module increases kernel attack
|
||||
surface by enabling superfluous functionality such as IRC parsing in
|
||||
the kernel (!)
|
||||
the kernel. (!)
|
||||
.
|
||||
Hence, this package disables this feature by shipping the
|
||||
/etc/sysctl.d/nf_conntrack_helper.conf configuration file.
|
||||
|
Loading…
Reference in New Issue
Block a user