[tor-relays] TCP SACK PANIC type kernel vulnerabilities: logging some packets

Toralf Förster toralf.foerster at gmx.de
Tue Jun 25 20:12:14 UTC 2019


Hi,

On 6/24/19 2:13 PM, tor at t-3.net wrote:
> 
> As of last week there wasn't a new kernel out for our relay's distro
switch to Gentoo Linux :-)

> -A INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j LOG --log-prefix "TCP_SACK_PANIC: "
> -A INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j DROP
Interesting - never thought that iptables is able to do that - the doubled SYN is needed, right?

 
> Over the weekend we logged hits to this rule. I checked a few of the
> source hosts, and they were not relays at least as they are listed in
> https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1 .
Whilst I gave up logging IPs at all - why didn't you check non-exit relays?

-- 
Toralf
PGP C4EACDDE 0076E94E
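
An added example, not part of the original thread: a small Python model of what the two matches in the quoted rule test, `--tcp-flags SYN SYN` (first the mask of flags to examine, then the flags that must be set within it) and `-m tcpmss --mss 1:500`, run on constructed TCP headers. The function names and sample headers are made up for illustration; this is not the netfilter code.

```python
import struct

# TCP flag bits as they appear in byte 13 of the TCP header.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def flag_bits(names):
    """Turn a comma-separated iptables flag list ("SYN,ACK") into a bitmask."""
    bits = 0
    for name in names.split(","):
        bits |= FLAGS[name]
    return bits

def tcp_flags_match(header, mask, comp):
    """--tcp-flags MASK COMP: examine only MASK bits; exactly COMP must be set among them."""
    return (header[13] & flag_bits(mask)) == flag_bits(comp)

def mss_option(header):
    """Return the MSS value from the TCP options, or None if absent or malformed."""
    end = (header[12] >> 4) * 4          # data offset is counted in 32-bit words
    if end < 20 or end > len(header):
        return None
    i = 20
    while i < end:
        kind = header[i]
        if kind == 0:                    # end of option list
            break
        if kind == 1:                    # NOP is a single byte with no length field
            i += 1
            continue
        if i + 1 >= end:
            return None
        length = header[i + 1]
        if length < 2 or i + length > end:
            return None
        if kind == 2 and length == 4:    # MSS option: kind 2, length 4, 16-bit value
            return struct.unpack("!H", header[i + 2:i + 4])[0]
        i += length
    return None

def rule_matches(header, lo=1, hi=500):
    """Model of the quoted rule: SYN bit set and an MSS option within lo..hi."""
    mss = mss_option(header)
    return tcp_flags_match(header, "SYN", "SYN") and mss is not None and lo <= mss <= hi

def build_header(flags, mss=None):
    """Constructed sample TCP header; ports, sequence number and window are arbitrary."""
    opts = b"" if mss is None else struct.pack("!BBH", 2, 4, mss)
    offset = (20 + len(opts)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 9001, 1, 0, offset << 4, flag_bits(flags), 64240, 0, 0) + opts
```

With the mask set to `SYN` alone, a SYN/ACK carrying a small MSS matches as well; a mask of `SYN,ACK` with comp `SYN` would restrict the match to pure SYN segments.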

