Hi David,
Thanks for the heads up! It turns out that my relay is in the list of
affected hosts; however, the kernel I was running (3.16.36-1+deb8u1)
is claimed by Debian to be fixed (see:
https://security-tracker.debian.org/tracker/CVE-2016-5696).

Since your script determines whether the host is affected or not based
on the actual TCP comms (rather than banner grabbing a kernel version
or something), I'm not sure what to make of that - it would seem to
indicate that either the weighting you've devised doesn't fit Debian
hosts, or it could indicate perhaps that the patch Debian maintainers
applied to address the issue wasn't sufficient. I won't pretend to be
clueful enough about low-level TCP stack programming to be able to
tell for sure which is the case, but wanted to mention it in case
others see the same thing.

For my part, I've since updated the kernel on my relay to
3.16.36-1+deb8u2, and applied the sysctl work-around as an additional
measure.
I checked the ACK count using netstat both before and after, and have
included those results here:

Before:
TCPChallengeACK: 1107
TCPSYNChallenge: 7

After:
TCPChallengeACK: 2
TCPSYNChallenge: 2


Thanks!

--
Jason

On Thu, Nov 17, 2016 at 2:30 AM, dawuud <daw...@riseup.net> wrote:
>
> Hi.
>
> I added the scan output to the repo, this includes the output csv file
> and a list of vulnerable relays:
>
> https://github.com/david415/scan_tor_rfc5961/blob/master/scan_archive/nov17_2016/probe_out.csv
> https://github.com/david415/scan_tor_rfc5961/blob/master/scan_archive/nov17_2016/vulnerable_tor_relays
>
>
> Upgrade your Linux kernel and reboot your tor relays!
>
> Cheers,
> David
>
> _______________________________________________
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
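
The before/after counter check described in the message above, as an added example that is not part of the original thread: it reads the two counters from text in `/proc/net/netstat` format and handles the counter reset that a reboot causes. The function names and the shortened sample lines are constructed for illustration; only the counter names and the four readings come from the message.

```shell
#!/bin/sh
# Added example, not from the thread. Counter names are the ones quoted in
# the message; the sample text further down is constructed.

# tcpext_counter NAME: read /proc/net/netstat-format text on stdin and print
# one TcpExt counter. The file holds line pairs with the same prefix: first
# the column names, then the values. Exits non-zero if NAME is absent.
tcpext_counter() {
    awk -v want="$1" '
        $1 == "TcpExt:" {
            if (!have_names) { for (i = 2; i <= NF; i++) col[$i] = i; have_names = 1 }
            else if (want in col) { print $(col[want]); found = 1 }
        }
        END { exit !found }'
}

# counter_delta BEFORE AFTER: growth between two readings. These counters
# restart from zero at boot, so a smaller AFTER means the host rebooted in
# between (as after a kernel upgrade) and AFTER itself is the growth.
counter_delta() {
    if [ "$2" -lt "$1" ]; then echo "$2"; else echo $(( $2 - $1 )); fi
}

# Constructed samples: shortened TcpExt lines carrying the two readings
# reported in the message, plus an IpExt pair the parser must skip.
sample_before() {
    printf '%s\n' 'TcpExt: SyncookiesSent TCPChallengeACK TCPSYNChallenge' \
                  'TcpExt: 0 1107 7' 'IpExt: InOctets OutOctets' 'IpExt: 10 20'
}
sample_after() {
    printf '%s\n' 'TcpExt: SyncookiesSent TCPChallengeACK TCPSYNChallenge' \
                  'TcpExt: 0 2 2' 'IpExt: InOctets OutOctets' 'IpExt: 10 20'
}

# On a live relay: tcpext_counter TCPChallengeACK < /proc/net/netstat
for name in TCPChallengeACK TCPSYNChallenge; do
    before=$(sample_before | tcpext_counter "$name")
    after=$(sample_after | tcpext_counter "$name")
    echo "$name before=$before after=$after growth=$(counter_delta "$before" "$after")"
done
```

Because the counters are cumulative since boot, a single reading says little; sampling at a fixed interval and watching the growth is what shows whether challenge ACKs are being triggered at an unusual rate.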