TCP is working for hijackers
TCP vs hijackers
The vulnerability, CVE-2016-5696, lets attackers hijack plaintext communications between two devices communicating over TCP on the Internet.
The RFC 5961 spec is implemented in Linux kernel v3.6 and later.
"This attack could be used to target long-lived back-end connections like database sessions or management and monitoring channels," said Craig Young, a computer security researcher for Tripwire's Vulnerability and Exposures Research Team.
"Since only one host in the connection needs to be vulnerable, it's also possible that websites which provide interactive sessions over a persistent HTTP tunnel would be targeted," he told Linux Insider.
Other targets are update servers used to replace firmware on embedded devices, and security cameras and smart appliances that maintain constant communications with a vendor's infrastructure.
Attackers only have to send spoofed packets to a targeted connection, hit the limit of 100 challenge ACKs per second, and count the actual number of challenge ACKs received on that connection. If the number is less than 100, some challenge ACKs must have been sent over the connection as responses to the spoofed packets.
Two likely scenarios are of greatest concern, said Josh Bressers, a security strategist at Red Hat.
One is through a plain text connection and the second is a denial-of-service attack, he told Linux Insider.
" Bressers said,
The best defense is to eliminate the global challenge ACK count altogether, the researchers suggested, although it's possible the count could skyrocket.
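The following toy model is an added example, not code from the article or from the researchers. It shows why the shared limit of 100 challenge ACKs per second reveals activity on another connection, and why removing the global count closes that channel at the cost of more ACKs being sent. It sends no packets; the class and function names and the single one-second window are assumptions made for illustration.

```python
# Toy model of the global challenge-ACK limit described above (added example).
# No packets are sent; names and the single one-second window are assumptions.

GLOBAL_LIMIT = 100  # challenge ACKs per second, the figure given in the article


class ChallengeAckBudget:
    """Challenge-ACK counter for one host within a single one-second window."""

    def __init__(self, limit):
        self.limit = limit  # None models "no global count at all"
        self.sent = 0

    def allow(self):
        """Return True if the host would send one more challenge ACK."""
        if self.limit is not None and self.sent >= self.limit:
            return False
        self.sent += 1
        return True


def acks_seen_by_observer(limit, triggered_elsewhere, probes=GLOBAL_LIMIT):
    """Challenge ACKs an observer gets back on its own connection after
    `triggered_elsewhere` challenge ACKs were spent on a different connection.
    Returns (acks_seen, total_sent_by_host)."""
    budget = ChallengeAckBudget(limit)
    for _ in range(triggered_elsewhere):
        budget.allow()  # consumed by another connection on the same host
    seen = sum(budget.allow() for _ in range(probes))
    return seen, budget.sent


def leaks(limit):
    """True if the observer's count changes with activity on the other connection."""
    return acks_seen_by_observer(limit, 0)[0] != acks_seen_by_observer(limit, 1)[0]


if __name__ == "__main__":
    for label, limit in (("shared limit of 100", GLOBAL_LIMIT), ("no global count", None)):
        quiet, _ = acks_seen_by_observer(limit, 0)
        busy, total = acks_seen_by_observer(limit, 3)
        print(f"{label}: observer sees {quiet} vs {busy}, host sent {total}, leaks={leaks(limit)}")
```

With the shared limit the observer's count drops below 100 whenever the other connection consumed part of the budget; with no global count it stays at 100 while the host's total output grows.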
Concerned users should think about possible ramifications before disrupting businesses to roll out patches, warned Adrian Sanabria, a senior security analyst at 451 Research.