15 Aug 2018 – Linux kernel IP fragment re-assembly vulnerability

Vulnerability Note VU#641765 – 14 Aug 2018

Linux kernel IP fragment re-assembly vulnerable to denial of service

Cyber security people, myself included, have been really tired these last few days. Today I found the Linux kernel IP fragment re-assembly vulnerability. It causes denial of service. It looks like computer appliance vendors have not yet confirmed this vulnerability in their products.
If you are really concerned, please review the parameters below. You can set them manually to remediate this issue. If it works, please say thank you to ultraman.

echo 393216 > /proc/sys/net/ipv4/ipfrag_low_thresh
echo 544288 > /proc/sys/net/ipv4/ipfrag_high_thresh

sysctl -w net.ipv4.ipfrag_low_thresh=393216
sysctl -w net.ipv4.ipfrag_high_thresh=544288
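
An added example, not from the original post or from CERT: a shell function that audits the two thresholds against the values given above. The names `check_ipfrag` and `read_thresh` and the optional root-directory argument are assumptions, chosen so the check can also run against a copied or constructed tree.

```shell
#!/bin/sh
# Added example: audit the IP fragment reassembly thresholds against the
# values given in this post. The root argument (an assumption of this
# example) defaults to the live /proc/sys.

TARGET_LOW=393216    # ipfrag_low_thresh value from the post
TARGET_HIGH=544288   # ipfrag_high_thresh value from the post

# read_thresh <root> <name>: print the integer value, fail if missing/invalid.
read_thresh() {
    f="$1/net/ipv4/$2"
    [ -r "$f" ] || return 1
    v=$(tr -d ' \t\n' < "$f")
    case "$v" in
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric content
    esac
    printf '%s\n' "$v"
}

# check_ipfrag [root]
# Returns 0 if both thresholds are at or below the targets,
#         1 if either is above its target (mitigation not applied),
#         2 if a value is missing or not numeric.
check_ipfrag() {
    root="${1:-/proc/sys}"
    low=$(read_thresh "$root" ipfrag_low_thresh) || return 2
    high=$(read_thresh "$root" ipfrag_high_thresh) || return 2
    rc=0
    if [ "$low" -gt "$TARGET_LOW" ]; then
        echo "ipfrag_low_thresh=$low exceeds $TARGET_LOW"
        rc=1
    fi
    if [ "$high" -gt "$TARGET_HIGH" ]; then
        echo "ipfrag_high_thresh=$high exceeds $TARGET_HIGH"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "ok: low=$low high=$high"
    return "$rc"
}
```

Source the file and call `check_ipfrag` with no argument to audit the running kernel; a return code of 1 means the commands above have not been applied or did not persist across a reboot.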

CERT technical article for reference – https://www.kb.cert.org/vuls/id/641765