Intrigeri, PJ is the one who has wrestled with stuff and who came up with the ethtool parameters and the sysctl.conf. I've copied him on this, and I will make sure this information gets conveyed to TAILS development in an orderly fashion.

Briefly, a long time ago CPUs were much less capable and it made sense to offload portions of the TCP/IP stack to network cards. These offloads have been correlated with Duqu Bet's injection phase; as I recall, it had to do with the ability to sneak a 302 redirect into a TCP stream. Once the ethtool parms and sysctl are put into play, it filters out a great deal of trouble. There are some before/after pcaps; I have not inspected them personally.

There is another complication concurrent with the ability to do 302 redirects - there are apparently a lot of odd glyph sets and weird CSS flying around - intrusion payloads being injected mid-stream. The front page for the Agora dark net market was found to vary greatly depending on how one approached it, then the troubles spread to most of the other markets.

This is a summary of what I know. I'll be reading the list daily, happy to do whatever leg work is needed to better describe the problem, confirm the solution(s), etc.

-ks

On Mon, July 6, 2015 9:06 pm, intrigeri wrote:
> Hi,
>
> Dr. Killswitch, D.V.M. wrote (06 Jul 2015 15:07:40 GMT) :
>
>> Here are the parameters used for ethtool and the descriptions after
>> came from a system where I applied this.
>
> Is there any documentation available that explains the advantage and
> drawbacks of each such setting?
>
> Cheers,
> --
> intrigeri