Re: [Tails-dev] Ethtool & sysctl.conf hardening per Cryptost…

Author: Dr. Killswitch, D.V.M.
Date:  
To: intrigeri
CC: pj, tails-dev
Subject: Re: [Tails-dev] Ethtool & sysctl.conf hardening per Cryptostorm
Intrigeri,

PJ is the one who has wrestled with stuff and who came up with the ethtool
parameters and the sysctl.conf. I've copied him on this, and I will make
sure this information gets conveyed to TAILS development in an orderly
fashion.

Briefly, a long time ago CPUs were much less capable, and it made sense to
offload portions of the TCP/IP stack to network cards. These offloads have
been correlated with Duqu Bet's injection phase; as I recall, it had to do
with the ability to sneak a 302 redirect into a TCP stream. Once the
ethtool params and sysctl are put into play, it filters out a great deal of
trouble.

There are some before/after pcaps; I have not inspected them personally.
There is another complication concurrent with the ability to do 302
redirects: there are apparently a lot of odd glyph sets and weird CSS
flying around, intrusion payloads being injected mid-stream. The front
page for the Agora dark net market was found to vary greatly depending on
how one approached it; then the troubles spread to most of the other
markets.

This is a summary of what I know. I'll be reading the list daily, and I'm
happy to do whatever legwork is needed to better describe the problem,
confirm the solution(s), etc.

             -ks

On Mon, July 6, 2015 9:06 pm, intrigeri wrote:
> Hi,
>
>
> Dr. Killswitch, D.V.M. wrote (06 Jul 2015 15:07:40 GMT) :
>
>> Here are the parameters used for ethtool and the descriptions after
>> came from a system where I applied this.
>
> Is there any documentation available that explains the advantage and
> drawbacks of each such setting?
>
> Cheers,
> --
> intrigeri
>
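The message above refers to ethtool offload parameters without listing them. As an added illustration (not code from the thread, PJ, or the Tails project), the script below shows how a defender would audit which NIC offloads are currently enabled and what the corresponding `ethtool -K` command to disable them would look like. The `ethtool -k` output it parses is a constructed sample so the script runs offline; the interface name `eth0` and the set of features in `OFFLOADS_OF_INTEREST` are assumptions, and the generated command is printed rather than executed.

```shell
#!/bin/sh
# Added example, not from the Tails-dev thread. Audits NIC offload features
# by parsing `ethtool -k` style output and builds the `ethtool -K` command
# that would hand segmentation/checksumming back to the kernel.

# Constructed sample of `ethtool -k eth0` output (not captured from a real
# host). On a live system replace this with: ethtool -k eth0 | enabled_offloads
SAMPLE_ETHTOOL_K='Features for eth0:
rx-checksumming: on
tx-checksumming: on
scatter-gather: on
tcp-segmentation-offload: on
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off [fixed]
rx-vlan-offload: on
tx-vlan-offload: on
'

# Assumed set of offloads worth reviewing: those that let the NIC, rather than
# the kernel, assemble, split or checksum TCP segments.
OFFLOADS_OF_INTEREST="rx-checksumming tx-checksumming tcp-segmentation-offload generic-segmentation-offload generic-receive-offload large-receive-offload"

# Map the long feature names printed by `ethtool -k` to the short names that
# `ethtool -K` accepts.
short_name() {
    case "$1" in
        rx-checksumming)              echo rx ;;
        tx-checksumming)              echo tx ;;
        tcp-segmentation-offload)     echo tso ;;
        generic-segmentation-offload) echo gso ;;
        generic-receive-offload)      echo gro ;;
        large-receive-offload)        echo lro ;;
        *)                            echo "$1" ;;
    esac
}

# Read `ethtool -k` text on stdin and print, one per line, the features from
# OFFLOADS_OF_INTEREST whose state is exactly "on". Entries marked "[fixed]"
# are left out because the driver does not allow changing them.
enabled_offloads() {
    while IFS= read -r line; do
        name=${line%%:*}
        state=${line#*: }
        case " $OFFLOADS_OF_INTEREST " in
            *" $name "*) ;;
            *) continue ;;
        esac
        if [ "$state" = "on" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# Build (and print, never run) the `ethtool -K` invocation that would disable
# every enabled offload found on stdin for the given interface.
disable_command() {
    iface=$1
    args=""
    for feature in $(enabled_offloads); do
        args="$args $(short_name "$feature") off"
    done
    if [ -n "$args" ]; then
        printf 'ethtool -K %s%s\n' "$iface" "$args"
    fi
}

# Stand-alone demonstration against the constructed sample.
printf '%s' "$SAMPLE_ETHTOOL_K" | enabled_offloads
printf '%s' "$SAMPLE_ETHTOOL_K" | disable_command eth0
```

Running it against a real host replaces the sample with live `ethtool -k` output; because the generated `ethtool -K` line is only printed, it can be reviewed (and compared with a before/after pcap, as the message suggests) before anyone applies it.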