Hi,

I am using an iptables 1.3.5 based setup and wonder if there are any tools or techniques available to prevent or mitigate the TCP RST spoofing issue (http://osvdb.org/displayvuln.php?osvdb_id=4030).

I see elsewhere there have been suggestions of only accepting the RST if the sequence id is 1 more than the current, or providing some sort of challenge response (http://tools.ietf.org/html/draft-ietf-tcpm-tcpsecure-02#section-2.2). I don't believe netfilter uses either of these, so I am interested in hearing other people's approaches to it.

Regards,
Mike
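The RST check from the TCP-secure draft linked in the post, set beside the older in-window acceptance it replaces, as an added example that is not part of the original message and not netfilter code. The function and enum names are hypothetical, the connection state in `main` is constructed, and the three-way rule is assumed to follow the draft's mitigation as later published in RFC 5961, section 3.2.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; not taken from netfilter or any TCP stack. */
enum rst_action { RST_DROP, RST_CHALLENGE_ACK, RST_ACCEPT };

/* Older behaviour: any RST whose sequence number falls inside the
 * receive window tears the connection down. */
int legacy_accepts_rst(uint32_t seg_seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    uint32_t off = seg_seq - rcv_nxt;   /* unsigned math handles wraparound */
    return off == 0 || off < rcv_wnd;
}

/* Draft rule: reset only on an exact match with the next expected
 * sequence number; answer other in-window RSTs with an ACK (the
 * "challenge"); silently drop everything outside the window. */
enum rst_action classify_rst(uint32_t seg_seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    uint32_t off = seg_seq - rcv_nxt;
    if (off == 0)
        return RST_ACCEPT;
    if (off < rcv_wnd)
        return RST_CHALLENGE_ACK;
    return RST_DROP;
}

int main(void)
{
    /* Constructed state: the window straddles the 32-bit wrap point. */
    const uint32_t rcv_nxt = 0xFFFFFFF0u, rcv_wnd = 0x100u;
    const uint32_t segs[] = { 0xFFFFFFF0u, 0xFFFFFFF1u, 0x00000010u,
                              0x000000F0u, 0xFFFFFFEFu };
    static const char *names[] = { "drop", "challenge-ack", "accept" };

    for (size_t i = 0; i < sizeof segs / sizeof segs[0]; i++)
        printf("RST seq=%08x legacy=%s draft=%s\n", (unsigned)segs[i],
               legacy_accepts_rst(segs[i], rcv_nxt, rcv_wnd) ? "reset" : "drop",
               names[classify_rst(segs[i], rcv_nxt, rcv_wnd)]);
    return 0;
}
```

A genuine peer that receives the challenge ACK replies with a RST carrying the exact expected sequence number, so legitimate resets still complete after one extra round trip.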