SegmentSmack Vulnerebility
"SegmentSmack" is yet another branded vulnerability, also known as CVE-2018–5390. It hit the "news" yesterday. Succesful exploitation may lead to a denial of service against a targeted system. At this point, not a lot is known about this vulnerability. But here are some highlights:
Linux Kernel 4.9 is vulnerable.
Older versions are not vulnerable. However, some Linux distributions like RedHat
ES 6 and 7 include the vulnerable code as they backported some of the 4.9
networking code into their kernels
An attacker should not be able to exploit this vulnerability using a spoofed IP
address. The attacker needs to first establish a TCP connection which is very
difficult with a spoofed address.
It is not known how much traffic the attacker will have to send. But likely not
more than a user would send in a normal TCP connection.
The attack can be launched against any exposed TCP service (Web, Mail, DNS...)
The vulnerable functions, tcp_collapse_ofo_queue() and tcp_prune_ofo_queue(),
are used to deal with reassembling TCP segments. This likely implies that an
exploit would use many out of order or otherwise abnormal packets. But this is
just a guess at this point.
If you are vulnerable, your best bet is to update. There is likely not much else
you can do (e.g. firewall rules)