BitNinja overcomes CVE-2016-5696 vulnerability
Nikoletta Szabo

The Linux kernel vulnerability CVE-2016-5696 was identified two weeks ago by some watchful researchers, who immediately informed the world of the Internet about the potential dangers waiting for them. This vulnerability can be exploited by an attack that falls under the umbrella term “man-in-the-middle attack” and is mainly conducted by off-path hackers. RedHat and many other companies informed their clients about the new findings and described the issue the following way: “Researchers have discovered a flaw in the Linux kernel’s TCP/IP networking subsystem implementation of the RFC 5961 challenge ACK rate limiting, that could allow an off-path attacker to inject payload into unsecured TCP connections.”

The Problem

TCP handles almost 90% of our data, so yes, we can feel increasingly in danger and exposed to the pernicious will of cybercriminals. If they take advantage of this, they can steal some serious details from our habitual data exchange. We have found an excellent Patterns in the Void blog entry, whose first part explains the tiny details of the possible exploit in a way that even complete laymen can understand. It is not only the high percentage of our data sent through TCP that makes the situation threatening, but also the fact that 96.6% of the Alexa top one million have Linux kernels. This number increases the significance of rapid decision-making and calls for an instant solution.

The Solution

We have fascinating news for our past, present and future customers! BitNinja is able to overcome this vulnerability, as our developers have made it able to catch and block the mischievous attackers who intend to harness this known weak point. Yesterday (24 Aug), we released a new BitNinja version (1.11.29), which is officially and flawlessly tackling the issue. It is available for both the pro and free versions.

Do you want to know more about the man-in-the-middle attack?

Watch this demo video, which shows an off-path TCP attack through a side channel.

Read the original article written by the researchers who found CVE-2016-5696, here.
