I was on a chat, when suddenly someone posted this https://thehackernews.com/2016/08/linux … cking.html. I don't know how authentic the article is, but everyone in the chat started freaking out. I'm not 100% certain if it's true, but I'd rather be safe than sorry. It's recommended that you modify sysctl.conf, which sounds fishy to me, as I don't see what sysctl has to do with TCP packets. Note that the majority of the users were running Debian.
Is this authentic and what should I do?
Offline
See https://www.mail-archive.com/netdev@vge … 18677.html
Just changing the limit is not without issues itself, from further in the thread: https://www.mail-archive.com/netdev@vge … 18862.html
Offline
This is already included in 4.7 kernel. If you're paranoid you can upgrade yourself, or just wait until it hits [core].
It's recommended that you modify sysctl.conf, which sounds fishy to me, as I don't see what sysctl has to do with TCP packets.
Of course you can tweak your TCP settings with sysctl. It's all documented here: https://www.kernel.org/doc/Documentatio … sysctl.txt
Setting tcp_challenge_ack_limit to 1 billion seems like overkill though. The fix mentioned above sets it to 1000 with some randomization so that the actual value is anything between 500 and 1500 (if I understood the code correctly).
Offline
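
A host check built only from what the replies above state (fix included in kernel 4.7, fixed kernels use a base limit of 1000), added here as an example that is not part of any post in the thread. The function names and the status labels are made up for illustration, and the version comparison is a heuristic: a distribution kernel older than 4.7 may carry a backported fix that this check cannot see.

```sh
#!/bin/sh
# Added example: classify a host from its kernel release and its
# net.ipv4.tcp_challenge_ack_limit value. Thresholds come from the thread.

FIXED_MAJOR=4; FIXED_MINOR=7   # "already included in 4.7 kernel" (per the thread)
FIX_LIMIT=1000                 # base limit the fix sets (per the thread)

# parse_release RELEASE -> sets $major and $minor, fails on malformed input
parse_release() {
    case $1 in *.*) ;; *) return 1 ;; esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}     # "6.4-1-ARCH" -> "6"
    case $major in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$minor" ]
}

# assess RELEASE LIMIT -> prints fixed-kernel | raised-limit | low-limit | unknown
assess() {
    release=$1 limit=$2
    parse_release "$release" || { echo unknown; return; }
    if [ "$major" -gt "$FIXED_MAJOR" ] ||
       { [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -ge "$FIXED_MINOR" ]; }; then
        echo fixed-kernel
        return
    fi
    # Older kernel: the sysctl value is the only other signal available here.
    case $limit in ''|*[!0-9]*) echo unknown; return ;; esac
    if [ "$limit" -ge "$FIX_LIMIT" ]; then
        echo raised-limit      # workaround applied; see the netdev caveat linked above
    else
        echo low-limit         # neither a 4.7+ kernel nor a raised limit
    fi
}

# Check the live host only when called with --live.
if [ "${1:-}" = "--live" ]; then
    assess "$(uname -r)" \
           "$(cat /proc/sys/net/ipv4/tcp_challenge_ack_limit 2>/dev/null)"
fi
```

Run it with `--live` on the machine in question; `low-limit` on a distribution kernel means checking that distribution's security tracker for a backport before changing anything.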