Dear Ts'o:

Thank you for your polite explanation.
I can figure out the reason for the sequence number generation algorithm
in Linux owing to you.

> Using MD5 and a random ISN merely degrades performance and provides
> only a placebo-level increase in the net security of the system, while
> decreasing the correctness of the TCP implementation.
>

I did not know that using MD5 and random ISN decreases the correctness of
the TCP implementation.
Thank you.

> And, of course, an attacker which is on the network path between the
> client and the server can simply observe the sequence numbers, and
> forge packets with the appropriate sequence numbers such that the
> communication peers accept the forged packet as real. The only real
> way to fix this is to use real crypto.

Certainly.

Yours,
Sincerely.

--
---------------------------
Takeharu KATO
E-mail: tk1219@alles.or.jp