Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-05-08 16:15:08 -04:00
Code Issues Projects Releases Packages Wiki Activity

minor

Browse source
This commit is contained in:
Patrick Schleizer 2017-02-19 22:37:10 +00:00
parent dfe8a569b6
commit 0228e87d47
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
debian/control vendored
View file

@ -23,7 +23,7 @@ Description: enhances misc security settings
deactivates TCP timestamps; deactivates TCP timestamps;
deactivates Netfilter's connection tracking helper; deactivates Netfilter's connection tracking helper;
. .
TCP time stamps (rfc 1323) allow for tracking clock TCP time stamps (RFC 1323) allow for tracking clock
information with millisecond resolution. This may or may not allow an information with millisecond resolution. This may or may not allow an
attacker to learn information about the system clock at such attacker to learn information about the system clock at such
a resolution, depending on various issues such as network lag. a resolution, depending on various issues such as network lag.
@ -43,7 +43,7 @@ Description: enhances misc security settings
. .
* the TCP protection against wrapped sequence numbers; however, to * the TCP protection against wrapped sequence numbers; however, to
trigger a wrap, one needs to send roughly 2^32 packets in one trigger a wrap, one needs to send roughly 2^32 packets in one
minute: as said in rfc 1700, "The current recommended default minute: as said in RFC 1700, "The current recommended default
time to live (TTL) for the Internet Protocol (IP) [45,105] is 64". time to live (TTL) for the Internet Protocol (IP) [45,105] is 64".
So, this probably won't be a practical problem in the context So, this probably won't be a practical problem in the context
of Anonymity Distributions. of Anonymity Distributions.
@ -55,7 +55,7 @@ Description: enhances misc security settings
. .
Netfilter's connection tracking helper module increases kernel attack Netfilter's connection tracking helper module increases kernel attack
surface by enabling superfluous functionality such as IRC parsing in surface by enabling superfluous functionality such as IRC parsing in
the kernel (!) the kernel. (!)
. .
Hence, this package disables this feature by shipping the Hence, this package disables this feature by shipping the
/etc/sysctl.d/nf_conntrack_helper.conf configuration file. /etc/sysctl.d/nf_conntrack_helper.conf configuration file.