Gist chpwssn/e2d963444f55767a66d9477a7f201df4, created June 18, 2019 03:31
SACK mitigation
# Disable SACK (Linux)
sudo sysctl -w net.ipv4.tcp_sack=0
# Drop connections with an MSS of 500 or less (the range 1:500 is inclusive)
sudo iptables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP
# Validate that MTU probing is off (the MSS filter is only effective when it is);
# should return: net.ipv4.tcp_mtu_probing = 0
sysctl net.ipv4.tcp_mtu_probing
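To confirm the Linux settings above are actually in place on a host, the following audit script checks all three. It is an added example, not part of the original gist; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): audit the three Linux settings above.
# Checks read text, so they work on live command output or on saved output.

# sysctl_is KEY VALUE: true if stdin holds a "KEY = VALUE" line (sysctl format).
sysctl_is() {
    awk -v k="$1" -v v="$2" '
        { gsub(/[ \t]/, "") }              # "a = 0" and "a=0" compare equal
        $0 == (k "=" v) { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# has_mss_drop: true if stdin (`iptables -S INPUT` output) has the gist's rule.
has_mss_drop() {
    grep -Eq -- '^-A INPUT .*-m tcpmss --mss 1:500 .*-j DROP$'
}

# audit SYSCTL_TEXT RULES_TEXT: report each check, return the failure count.
audit() {
    fails=0
    printf '%s\n' "$1" | sysctl_is net.ipv4.tcp_sack 0 ||
        { echo "FAIL net.ipv4.tcp_sack is not 0"; fails=$((fails + 1)); }
    printf '%s\n' "$1" | sysctl_is net.ipv4.tcp_mtu_probing 0 ||
        { echo "FAIL net.ipv4.tcp_mtu_probing is not 0"; fails=$((fails + 1)); }
    printf '%s\n' "$2" | has_mss_drop ||
        { echo "FAIL no tcpmss DROP rule for MSS 1:500 in INPUT"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ] && echo "OK all three settings in place"
    return "$fails"
}

# Constructed sample input (not captured from a real host).
GOOD_SYSCTL='net.ipv4.tcp_sack = 0
net.ipv4.tcp_mtu_probing = 0'
GOOD_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP'
BAD_SYSCTL='net.ipv4.tcp_sack = 1
net.ipv4.tcp_mtu_probing = 0'
BAD_RULES='-P INPUT ACCEPT'

# Live use:
#   audit "$(sysctl net.ipv4.tcp_sack net.ipv4.tcp_mtu_probing)" "$(sudo iptables -S INPUT)"

audit "$GOOD_SYSCTL" "$GOOD_RULES"
audit "$BAD_SYSCTL" "$BAD_RULES" || echo "$? check(s) failed"
```

Settings applied with `sysctl -w` and `iptables -A` do not survive a reboot, so the audit is worth re-running after one.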
# Disable SACK (FreeBSD sysctl name)
sysctl net.inet.tcp.sack.enable=0