[ale] TCP_MD5
Chris Fowler
cfowler at outpostsentinel.com
Thu Aug 8 18:00:10 EDT 2013
I received an email in regard to a Linux system I have installed:
------------------------------------------------------------------------------------------------------
Enable TCP MD5 Signatures
Estimated time: 4 hours
Enable the TCP MD5 signature option as documented in RFC 2385. It was
designed to reduce the danger from certain security attacks
on BGP, such as TCP resets.
This will address the following issue: TCP Sequence Number Approximation
Vulnerability (tcp-seq-num-approximation).
Locate and fix vulnerable traffic inspection devices along the
route to the target
Estimated time: 12 hours
In many situations, target systems are, by themselves, patched or
otherwise unaffected by this vulnerability. In certain configurations,
however, unaffected systems can be made vulnerable if the path between
an attacker and the target system contains an affected and
unpatched network device such as a firewall or router and that device is
responsible for handling TCP connections for the target. In this
case, locate and apply remediation steps for network devices along the
route that are affected.
This will address the following issue: TCP Sequence Number Approximation
Vulnerability (tcp-seq-num-approximation).
------------------------------------------------------------------------------------------------------
Kernel Version: 2.6.38
In the kernel I have this enabled:
CONFIG_TCP_MD5SIG=y
It seems to me that this must be enabled for each application via
setsockopt(2) using the TCP_MD5SIG option. For the programs I have
installed, I would need to modify them and recompile.
Is this correct, or is there a way to enable this on all TCP sockets?
Chris
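
The per-socket setsockopt(2) call the message refers to, as an added example that is not part of the original post: it installs one RFC 2385 key for one IPv4 peer on one socket. The helper names, the peer address 192.0.2.1 and the key are constructed for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <linux/tcp.h>   /* struct tcp_md5sig, TCP_MD5SIG, TCP_MD5SIG_MAXKEYLEN */
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fill a TCP_MD5SIG request for one IPv4 peer. Returns 0, or -1 on bad input. */
int md5sig_build(struct tcp_md5sig *req, const char *peer_ip,
                 const void *key, size_t keylen)
{
    struct sockaddr_in peer;

    /* The kernel treats keylen 0 as "delete key"; this helper only adds keys. */
    if (keylen == 0 || keylen > TCP_MD5SIG_MAXKEYLEN)
        return -1;
    memset(&peer, 0, sizeof(peer));
    peer.sin_family = AF_INET;
    if (inet_pton(AF_INET, peer_ip, &peer.sin_addr) != 1)
        return -1;
    memset(req, 0, sizeof(*req));
    memcpy(&req->tcpm_addr, &peer, sizeof(peer));  /* key is bound to this peer */
    req->tcpm_keylen = (unsigned short)keylen;
    memcpy(req->tcpm_key, key, keylen);
    return 0;
}

/* Install the key on one socket; call it before connect() so the SYN is signed.
 * Returns 0, or -1 with errno set (ENOPROTOOPT if the kernel lacks
 * CONFIG_TCP_MD5SIG). */
int md5sig_enable(int fd, const char *peer_ip, const void *key, size_t keylen)
{
    struct tcp_md5sig req;

    if (md5sig_build(&req, peer_ip, key, keylen) != 0) {
        errno = EINVAL;
        return -1;
    }
    return setsockopt(fd, IPPROTO_TCP, TCP_MD5SIG, &req, sizeof(req));
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    int rc = md5sig_enable(fd, "192.0.2.1", "example-key", 11); /* constructed */
    printf("TCP_MD5SIG: %s\n", rc == 0 ? "key installed" : strerror(errno));
    if (fd >= 0) close(fd);
    return 0;
}
```

Both ends of the connection must install the same key for each other's address; segments that arrive unsigned or with a mismatched signature are dropped by the kernel.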