Network stack hardening

[HulaHoopWhonix]

The AFWall dev has also created a sysctl configuration file that disables features of the kernel that are security and privacy risks. CopperheadOS can benefit by including them in releases:

https://github.com/ukanth/afwall/wiki/TCP-security#known-attacks

https://gist.github.com/CHEF-KOCH/0001e66a8c10b1177abe#file-tweaked-sysctl-conf

[thestinger]

CopperheadOS already makes TCP/IP configuration changes. It would make sense to do more, but the changes need to be justified. There's far too much going on in that configuration file, and most of it is performance tuning. It's also doing stuff like disabling IPv6 support which isn't sensible by default.

If there are specific configuration options that should be changed, that would make sense as individual issues.

[thestinger]

CopperheadOS already makes TCP/IP configuration changes. It would make sense to do more, but the changes need to be justified. There's far too much going on in that configuration file, and most of it is performance tuning. It's also doing stuff like disabling IPv6 support which isn't sensible by default.

If there are specific configuration options that should be changed, that would make sense as individual issues.

[HulaHoopWhonix]

For privacy you'll want to disable TCP timestamps that leak system uptime and make its traffic fingerprintable across different hotspots:

net.ipv4.tcp_timestamps = false

[HulaHoopWhonix]

For privacy you'll want to disable TCP timestamps that leak system uptime and make its traffic fingerprintable across different hotspots:

net.ipv4.tcp_timestamps = false