I have a question regarding Parrot OS and the security of the default network configuration with regard to VPNs. The release of CVE-2019-14899 earlier this week asserts that there is a technique that can work against OpenVPN, WireGuard, and IKEv2/IPSec by exploiting some Linux distributions' default network configuration.
Here is a link describing the issue.
To quote from the link, “This attack did not work against any Linux distribution we tested until the release of Ubuntu 19.10, and we noticed that the rp_filter settings were set to “loose” mode. We see that the default settings in sysctl.d/50-default.conf in the systemd repository were changed from “strict” to “loose” mode on November 28, 2018, so distributions using a version of systemd without modified configurations after this date are now vulnerable. Most Linux distributions we tested which use other init systems leave the value as 0, the default for the Linux kernel.”
Since this issue relates to the default network configuration, rp_filter, and affects many distros, I wonder if Parrot is affected by this?
Would editing sysctl.conf and uncommenting the lines regarding rp_filter offer protection and harden the default network configuration against this?