Gentoo Forums :: View topic - [Tip] How to mitigate DoS from CVE-2018-5391 kernel problem

[Tip] How to mitigate DoS from CVE-2018-5391 kernel problem

View unanswered posts
View posts from last 24 hours

Gentoo Forums Forum Index

Networking & Security

View previous topic :: View next topic

Author

Message

teika
Apprentice

Joined: 19 Feb 2011
Posts: 155
Location: YYYY-MM-DD, period. Have you ever used the Internet?

Posted: Thu Aug 16, 2018 4:40 am Post subject: [Tip] How to mitigate DoS from CVE-2018-5391 kernel problem

This debian page about CVE-2018-5391 suggests you to set:

net.ipv4.ipfrag_low_thresh = 196608
net.ipv6.ip6frag_low_thresh = 196608
net.ipv4.ipfrag_high_thresh = 262144
net.ipv6.ip6frag_high_thresh = 262144

You can do it by modifying /etc/sysctl.conf (see "man 8 sysctl"), or with:

Code:

#!/bin/dash

/bin/echo 196608 > /proc/sys/net/ipv4/ipfrag_low_thresh
/bin/echo 196608 > /proc/sys/net/ipv6/ip6frag_low_thresh
/bin/echo 262144 > /proc/sys/net/ipv4/ipfrag_high_thresh
/bin/echo 262144 > /proc/sys/net/ipv6/ip6frag_high_thresh

Don't ask me its meaning ;-) I only know how to achieve it.

The above page says it'll mitigate a kernel flaw that can lead to DoS.

Hope this helps. Best regards.

Display posts from previous:

	Gentoo Forums Forum Index Networking & Security	All times are GMT
Page 1 of 1

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy