spf-discuss

OT -- stop IP address spoofing?

2004-11-23 12:58:50
On Tue, 2004-11-23 at 05:05, Mark wrote:
> Hijack TCP sessions??
> In the old days, it was relatively easy to discover the exact formula by
> studying packets and TCP sessions. Today, most OS-es implement random
> sequence number generation, making it extremely difficult to predict them
> accurately.
They also try and use PAWS (Protection Against Wrapped Sequences), which
makes the space you have to guess within bigger and can be useful for
timestamping so you can compute rtt (round trip time) better.

I think many OSes won't let you use the window-scaling tcp option unless
you also use PAWS. In the long term I think that tcp connections that
don't use both PAWS and ecn should have their transmit window capped
at 12k or so.

http://dmoz.org/Bookmarks/P/pollei/Misc._Computer_stuff/Explicit_Congestion_Notification/


-- 
http://dmoz.org/profiles/pollei.html
http://sourceforge.net/users/stephen_pollei/
http://www.orkut.com/Profile.aspx?uid=2455954990164098214
http://stephen_pollei.home.comcast.net/
GPG Key fingerprint = EF6F 1486 EC27 B5E7 E6E1  3C01 910F 6BB5 4A7D 9677
