[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: (OT kinda) Newly-discovered TCP flaw

On 2016-08-11, Bob Weber <bobrweber@gmail.com> wrote:
> The way to do it is to put the line:
>
> net.ipv4.tcp_challenge_ack_limit = 999999999
>
> in a file in the /etc/sysctl.d directory named xxx.conf (replace xxx with your
> preferred name).
>
> Then run "sysctl -p xxx.conf" and the new value is installed in the kernel
> tree.  My system had a value of 100 before I changed it.  At boot the file will
> be read so the new value will be used then also.

Yes, I have a README.sysctl file in the /etc/sysctl.d directory that
explains the process as you do (with certain precisions).

Simply using the command 'net.ipv4.tcp_challenge_ack_limit = 999999999'
as root sets the value, but does not survive a reboot. Running 'sysctl
-p' with no argument after having issued the above command does nothing
but reread '/etc/sysctl.conf' (and gives no output). 'sysctl -p
xxx.conf' echos the new value in xxx.conf.

> ...Bob
>
>


-- 
Même l’avenir n’est plus ce qu’il était. 
Paul Valéry
Reply to: