electroteque wrote:Excuse me its a kernel config fix. Which is the usual hardening requirement. ie
On the Ubuntu Linux family, for instance, you can fix it with the following steps:
1. Open /etc/sysctl.conf, with an editor, such as vim.
2. Enter the line:
net.ipv4.tcp_challenge_ack_limit = 999999999
3. Save the file
4. Use the shell command "sysctl -p" to update the configuration.
Partially correct. The old default was set at 100, and has been increased to 1000 in the proposed fix, not yet distributed in the UBNT kernel. This value can be modified from the command line.
Note the fix also adds an element of randomisation as well as simply increasing the limit for the number of challenge acks.
