SACKED - CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479

home | blog | Terrible people and places | Covid-19 links | Teh Internet | guest blog |rants | placeholder | political | projects | Gwen and Liam | Citadel patched | Tools | Scouts

/proc/sys/net/ipv4/tcp_sack - TCP Selective Acknowledgements. They can    
reduce retransmissions, however make servers more prone to DDoS Attacks   
and increase CPU utilization.

Uh, so what did Netflix to, read the kernel documentation?
Good advice from Suse:
Give this a shot if you find you need relief (with a trade-off):
echo 0 > /proc/sys/net/ipv4/tcp_sack