A group of researchers has discovered a serious vulnerability in the TCP implementation of all Linux servers running kernels released since 2012 (Linux kernel >= 3.6).
It also affects Android smartphones, tablets, smart TVs and essentially all Linux-based devices. OS X and Windows are not affected.
This vulnerability allows a remote attacker to terminate any connection between two hosts, or to inject code into it, without being in a man-in-the-middle position. The attacker only needs an internet connection.
If you would like to read more, here is a link to an article describing the vulnerability:
https://thehackernews.com/2016/08/linux-tcp-packet-hacking.html
The full details of the research are available here: https://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf
There is a very simple workaround that mitigates this attack until a patched kernel version is released.
To apply the workaround we recommend following these steps:
- Log in to the Linux instance and edit /etc/sysctl.conf
- Add the following line to the file: net.ipv4.tcp_challenge_ack_limit = 999999999
- Run: sysctl -p
For your convenience, we would like to propose that our Cloud Experts perform these configuration changes together with the kernel update once it is released.
The workaround doesn’t require a reboot, so there’s no expected downtime.
We urge you to apply the workaround at your earliest convenience to ensure your systems are safe from this vulnerability. For inquiries or scheduling your maintenance window please contact: [email protected]
Thank you,
Emind – Your Cloud Experts