Apparently people are exploiting this in the wild. https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
CeroWrt - if anyone is still running it, does have a web server that might be vulnerable, same for the ssh port. openwrt as well, well... *Anybody* with an exposed tcp server of just about any sort on freebsd or linux seems vulnerable to the first bug, which causes a kernel panic. Ironically I had been pushing over on ecn-sane to experiment with lowering the MSS to keep signal strength up in highly congested scenarios. Apparently, someone found another use for the idea. There is an iptables workaround,, documented here: https://forum.openwrt.org/t/sack-panic-multiple-tcp-based-remote-denial-of-service-vulnerabilities/39028/7 I remember the "ping O death" which cost me christmas in the early 90s. I've been watching the patches to the kernel land and wishing I was somewhere else. -- Dave Täht CTO, TekLibre, LLC http://www.teklibre.com Tel: 1-831-205-9740 _______________________________________________ Bloat mailing list [email protected] https://lists.bufferbloat.net/listinfo/bloat
