> So is he right, is his solution better than SYNcookies and there is
> something to be learned from his solution? Or does someone need to take
> him to school on the issue?

He isn't preserving the negotiated TCP MSS.

Other issues:

- If his ISN is the IP address then it's a constant, which is far worse than
random and also usable for replay attacks

[i.e. I dial up, log the cookie, wait for you to get the same line - and I can
 collect the dialup rack over time]

Alan





-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
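
An added illustration of the two points in the reply above (not code from the thread or from the Linux kernel): a SYN-cookie-style ISN that carries an MSS index and a time counter under a keyed hash, next to an ISN derived only from the client address. The bit layout, MSS table, key and function names are assumptions made for this sketch.

```python
import hashlib, hmac, socket, struct

SECRET = b"constructed-demo-key"       # assumption: a real server uses a random per-boot secret
MSS_TABLE = [536, 1024, 1440, 1460]    # constructed table; the index fits in 3 bits

def _mac24(src, sport, dst, dport, client_isn, counter, idx):
    """24-bit keyed hash over everything the cookie must be bound to."""
    msg = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack(
        "!HHIIB", sport, dport, client_isn, counter, idx)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(src, sport, dst, dport, client_isn, mss, counter):
    """Server ISN: 5 bits of time counter | 3 bits MSS index | 24 bits MAC."""
    # Largest table entry not exceeding the client's MSS (entry 0 as the floor).
    idx = max(i for i, v in enumerate(MSS_TABLE) if v <= mss or i == 0)
    mac = _mac24(src, sport, dst, dport, client_isn, counter, idx)
    return ((counter & 31) << 27) | (idx << 24) | mac

def check_cookie(cookie, src, sport, dst, dport, client_isn, now):
    """Return the MSS recovered from a valid cookie, or None if stale or forged."""
    idx = (cookie >> 24) & 7
    if idx >= len(MSS_TABLE):
        return None
    for counter in (now, now - 1):     # only the current and previous time slot
        if counter < 0 or (counter & 31) != cookie >> 27:
            continue
        mac = _mac24(src, sport, dst, dport, client_isn, counter, idx)
        got = (cookie & 0xFFFFFF).to_bytes(3, "big")
        if hmac.compare_digest(mac.to_bytes(3, "big"), got):
            return MSS_TABLE[idx]      # MSS survives without per-connection state
    return None

def address_isn(src):
    """ISN derived only from the client address: identical for every connection."""
    return struct.unpack("!I", socket.inet_aton(src))[0]
```

A cookie logged in one time slot fails `check_cookie` once the counter has moved on, whereas `address_isn` returns the same value for whoever holds that address later, which is the replay problem the reply describes.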
