Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[Tip] How to mitigate DoS from CVE-2018-5391 kernel problem
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
teika
Tux's lil' helper
Tux's lil' helper


Joined: 19 Feb 2011
Posts: 112
Location: Teika rhymes w/ "Stay blur", not ψ̄

PostPosted: Thu Aug 16, 2018 4:40 am    Post subject: [Tip] How to mitigate DoS from CVE-2018-5391 kernel problem Reply with quote

This debian page about CVE-2018-5391 suggests you to set:

net.ipv4.ipfrag_low_thresh = 196608
net.ipv6.ip6frag_low_thresh = 196608
net.ipv4.ipfrag_high_thresh = 262144
net.ipv6.ip6frag_high_thresh = 262144

You can do it by modifying /etc/sysctl.conf (see "man 8 sysctl"), or with:
Code:
#!/bin/dash

/bin/echo 196608 > /proc/sys/net/ipv4/ipfrag_low_thresh
/bin/echo 196608 > /proc/sys/net/ipv6/ip6frag_low_thresh
/bin/echo 262144 > /proc/sys/net/ipv4/ipfrag_high_thresh
/bin/echo 262144 > /proc/sys/net/ipv6/ip6frag_high_thresh

Don't ask me its meaning ;-) I only know how to achieve it.

The above page says it'll mitigate a kernel flaw that can lead to DoS.

Hope this helps. Best regards.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum