Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-06-05 22:18:51 -04:00
Code Issues Projects Releases Packages Wiki Activity

comment out sack by default

Browse source 
https://forums.whonix.org/t/disabling-tcp-sack-dsack-fack/8109/8?u=patrick
This commit is contained in:
Patrick Schleizer 2019-10-05 13:15:34 +00:00
parent 02096f8d7c
commit 8b4f2befd4
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
2 changed files with 5 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

3
debian/control vendored
View file

@ -44,7 +44,8 @@ Description: enhances misc security settings
. .
* This package makes some data spoofing attacks harder. * This package makes some data spoofing attacks harder.
. .
* SACK is disabled as it is commonly exploited and is rarely used. * SACK can be disabled as it is commonly exploited and is rarely used by
commenting in settings in file /etc/sysctl.d/tcp_sack.conf.
. .
* This package disables the merging of slabs of similar sizes to prevent an * This package disables the merging of slabs of similar sizes to prevent an
attacker from exploiting them. attacker from exploiting them.

6
etc/sysctl.d/tcp_sack.conf
View file

@ -1,5 +1,5 @@
# Disables SACK as it is commonly exploited and likely not needed. # Disables SACK as it is commonly exploited and likely not needed.
# https://forums.whonix.org/t/disabling-tcp-sack-dsack-fack/8109 # https://forums.whonix.org/t/disabling-tcp-sack-dsack-fack/8109
net.ipv4.tcp_sack=0 #net.ipv4.tcp_sack=0
net.ipv4.tcp_dsack=0 #net.ipv4.tcp_dsack=0
net.ipv4.tcp_fack=0 #net.ipv4.tcp_fack=0