[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] network scan results for CVE-2016-5696 / rfc 5961



Hi Jason,

Thanks for your observation. I'll try to investigate soon.

Cheers,

David

On Thu, Nov 17, 2016 at 12:02:05PM -0500, Jason Ross wrote:
> Hi David,
> Thanks for the heads up! It turns out that my relay is in the list of
> affected hosts, however, the kernel I was running (3.16.36-1+deb8u1)
> is claimed by Debian to be fixed (see:
> https://security-tracker.debian.org/tracker/CVE-2016-5696).
> 
> Since your script determines whether the host is affected or not based
> on the actual TCP comms (rather than banner grabbing a kernel version
> or something), I'm not sure what to make of that - it would seem to
> indicate that either the weighting you've devised doesn't fit Debian
> hosts, or it could indicate perhaps that the patch Debian maintainers
> applied to address the issue wasn't sufficient. I won't pretend to be
> clueful enough about low-level TCP stack programming to be able to
> tell for sure which is the case, but wanted to mention it in case
> others see the same thing.
> 
> For my part, I've since updated the kernel on my relay to
> 3.16.36-1+deb8u2, and applied the sysctl work-around as an additional
> measure.
> I checked the ACK count using netstat both before and after, and have
> included those results here:
> 
> Before:
> TCPChallengeACK: 1107
> TCPSYNChallenge: 7
> 
> After:
> TCPChallengeACK: 2
> TCPSYNChallenge: 2
> 
> 
> Thanks!
> 
> --
> Jason
> 
> On Thu, Nov 17, 2016 at 2:30 AM, dawuud <dawuud@xxxxxxxxxx> wrote:
> >
> > Hi.
> >
> > I added the scan output to the repo, this includes the output csv file
> > and a list of vulnerable relays:
> >
> > https://github.com/david415/scan_tor_rfc5961/blob/master/scan_archive/nov17_2016/probe_out.csv
> > https://github.com/david415/scan_tor_rfc5961/blob/master/scan_archive/nov17_2016/vulnerable_tor_relays
> >
> >
> > Upgrade your Linux kernel and reboot your tor relays!
> >
> > Cheers,
> > David
> >
> > _______________________________________________
> > tor-relays mailing list
> > tor-relays@xxxxxxxxxxxxxxxxxxxx
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> >
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Attachment: signature.asc
Description: PGP signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays