Re: Better than SYNcookies?

> So is he right, is his solution better than SYNcookies and there is
> something to be learned from his solution? Or does someone need to take
> him to school on the issue.

He isn't preserving the negotiated TCP MSS.

Other issues:

- If his ISN is the IP address then it's a constant, which is far worse than
random and also usable for replay attacks

[i.e. I dial up, log the cookie, wait for you to get the same line - and I can
 collect the dialup rack over time]

Alan
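
Added example, not part of the original message and not Linux kernel code: a simplified SYN-cookie layout (5-bit time counter, 3-bit MSS index, 24-bit keyed tag) next to a hypothetical address-only ISN, showing that the cookie recovers the MSS and expires, while the address-only value stays valid for whoever holds that address next. The MSS table, field widths, use of HMAC-SHA256 and all function names are assumptions of this example.

```python
import hashlib
import hmac

# Constructed MSS table (3-bit index); values are illustrative only.
MSS_TABLE = [216, 536, 768, 996, 1220, 1340, 1440, 1460]

def _mac(secret, *fields):
    """32-bit keyed tag over the given fields (HMAC-SHA256, truncated)."""
    msg = "|".join(str(f) for f in fields).encode()
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:4], "big")

def make_cookie(secret, flow, client_mss, t):
    """flow = (saddr, sport, daddr, dport); t = coarse time counter."""
    # Largest table entry not exceeding the MSS the client offered.
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    tag = _mac(secret, flow, t, idx) & 0xFFFFFF
    return ((t & 0x1F) << 27) | (idx << 24) | tag

def check_cookie(secret, flow, cookie, now, max_age=2):
    """Return the recovered MSS, or None if the cookie is stale or forged."""
    idx = (cookie >> 24) & 0x7
    for age in range(max_age + 1):
        t = now - age
        if (t & 0x1F) != cookie >> 27:
            continue
        expected = _mac(secret, flow, t, idx) & 0xFFFFFF
        if hmac.compare_digest(expected.to_bytes(3, "big"),
                               (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return MSS_TABLE[idx]
    return None

def ip_only_isn(secret, client_ip):
    """Hypothetical scheme: ISN derived from the client address alone."""
    return _mac(secret, client_ip)

def ip_only_accepts(secret, client_ip, acked_isn):
    """No time or port input, so a logged value never expires; no MSS either."""
    return acked_isn == ip_only_isn(secret, client_ip)

if __name__ == "__main__":
    secret = b"constructed-secret"
    flow = ("198.51.100.7", 40000, "192.0.2.1", 80)   # constructed addresses
    cookie = make_cookie(secret, flow, 1400, t=100)
    print("fresh cookie, MSS:", check_cookie(secret, flow, cookie, now=101))
    print("same cookie later:", check_cookie(secret, flow, cookie, now=110))
    logged = ip_only_isn(secret, flow[0])             # recorded by a past holder
    print("address-only value still accepted:",
          ip_only_accepts(secret, flow[0], logged))
```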




