Mitigation
Since an attacker must be able to establish TCP sockets to affect the target, white-listing access to TCP services on critical systems and routers is the currently most effective means for mitigation. Using IPsec is also an effective mitigation.
According to the Cisco Response the current mitigation advice is to only allow trusted sources to access TCP-based services. This mitigation is particularly important for critical infrastructure devices. Red Hat has stated that "Due to upstream's decision not to release updates, Red Hat do not plan to release updates to resolve these issues; however, the effects of these attacks can be reduced." On Linux using iptables with connection tracking and rate limiting can limit the impact of exploitation significantly.
Read more about this topic: Sockstress
Famous quotes containing the word mitigation:
“Law is a thing which is insensible, and inexorable, more beneficial and more profitious to the weak than to the strong; it admits of no mitigation nor pardon, once you have overstepped its limits.”
—Titus Livius (Livy)