Hi Jason,

Thanks for your observation. I'll try to investigate soon.

Cheers,
David

On Thu, Nov 17, 2016 at 12:02:05PM -0500, Jason Ross wrote:
> Hi David,
> Thanks for the heads up! It turns out that my relay is in the list of
> affected hosts, however, the kernel I was running (3.16.36-1+deb8u1)
> is claimed by Debian to be fixed (see:
> https://security-tracker.debian.org/tracker/CVE-2016-5696).
>
> Since your script determines whether the host is affected or not based
> on the actual TCP comms (rather than banner grabbing a kernel version
> or something), I'm not sure what to make of that - it would seem to
> indicate that either the weighting you've devised doesn't fit Debian
> hosts, or it could indicate perhaps that the patch Debian maintainers
> applied to address the issue wasn't sufficient. I won't pretend to be
> clueful enough about low-level TCP stack programming to be able to
> tell for sure which is the case, but wanted to mention it in case
> others see the same thing.
>
> For my part, I've since updated the kernel on my relay to
> 3.16.36-1+deb8u2, and applied the sysctl work-around as an additional
> measure.
> I checked the ACK count using netstat both before and after, and have
> included those results here:
>
> Before:
> TCPChallengeACK: 1107
> TCPSYNChallenge: 7
>
> After:
> TCPChallengeACK: 2
> TCPSYNChallenge: 2
>
>
> Thanks!
>
> --
> Jason
>
> On Thu, Nov 17, 2016 at 2:30 AM, dawuud <dawuud@xxxxxxxxxx> wrote:
> >
> > Hi.
> >
> > I added the scan output to the repo, this includes the output csv file
> > and a list of vulnerable relays:
> >
> > https://github.com/david415/scan_tor_rfc5961/blob/master/scan_archive/nov17_2016/probe_out.csv
> > https://github.com/david415/scan_tor_rfc5961/blob/master/scan_archive/nov17_2016/vulnerable_tor_relays
> >
> >
> > Upgrade your Linux kernel and reboot your tor relays!
> >
> > Cheers,
> > David
> >
> > _______________________________________________
> > tor-relays mailing list
> > tor-relays@xxxxxxxxxxxxxxxxxxxx
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
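
Added example (not part of the original thread, and not code from scan_tor_rfc5961): a Python reader for the TCPChallengeACK and TCPSYNChallenge counters that netstat reports, taken from /proc/net/netstat and compared across two snapshots. The sample text is constructed, and tcp_challenge_ack_limit is an assumption about which sysctl the work-around refers to, since the thread does not name it.

```python
"""Read the RFC 5961 challenge-ACK counters that `netstat -s` reports on Linux."""
from pathlib import Path

COUNTERS = ("TCPChallengeACK", "TCPSYNChallenge")

def parse_netstat(text):
    """Parse /proc/net/netstat: each protocol has a header line of names
    followed by a line of values carrying the same 'Proto:' prefix."""
    stats = {}
    lines = [ln.split() for ln in text.splitlines() if ln.strip()]
    for names, values in zip(lines[0::2], lines[1::2]):
        if names[0] != values[0] or len(names) != len(values):
            raise ValueError(f"mismatched header/value lines for {names[0]}")
        proto = names[0].rstrip(":")
        stats[proto] = {n: int(v) for n, v in zip(names[1:], values[1:])}
    return stats

def challenge_counters(text):
    """Return both challenge counters; None marks one the kernel does not export."""
    tcpext = parse_netstat(text).get("TcpExt", {})
    return {name: tcpext.get(name) for name in COUNTERS}

def delta(before, after):
    """Counters are cumulative since boot, so a reboot resets them; compare
    two snapshots from the same boot to see the current rate."""
    return {k: after[k] - before[k] for k in COUNTERS
            if before.get(k) is not None and after.get(k) is not None}

# Constructed sample (shortened) in the /proc/net/netstat layout.
SAMPLE_T0 = """\
TcpExt: SyncookiesSent TCPChallengeACK TCPSYNChallenge TCPFastOpenActive
TcpExt: 0 2 2 0
IpExt: InNoRoutes InOctets
IpExt: 0 123456
"""
SAMPLE_T1 = SAMPLE_T0.replace("0 2 2 0", "0 41 3 0")

if __name__ == "__main__":
    path = Path("/proc/net/netstat")
    text = path.read_text() if path.exists() else SAMPLE_T0
    print(challenge_counters(text))
    # Assumption: the work-around in the thread is this sysctl (not named there).
    limit = Path("/proc/sys/net/ipv4/tcp_challenge_ack_limit")
    if limit.exists():
        print("tcp_challenge_ack_limit =", limit.read_text().strip())
```
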