Re: help on fin_wait

Eric Schenk (eschenk@pc-37249.bc.rogers.wave.ca)
Tue, 21 Apr 1998 08:51:39 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alex Belits: "Re: unicode (char as abstract data type)"
Previous message: Andi Kleen: "Re: How to protect syscalls against bottom half ints?"
Maybe in reply to: Gerhard Kutzelnigg: "help on fin_wait"

Andi Kleen <ak@muc.de> writes:
>Linux circumvents the problem by using a MD5/SHA hash of
>(secret from random device, saddr, daddr, sport, dport,
> timestamp from realtime clock) to initialise the sequence numbers of new
>connections. That first makes TCP spoofing a lot more difficult and also
>has the nice effect of making sequence space collisions after crashes very
>unlikely.

Ah. No. When reconnecting with a remote machine after a crash our side
might have a fairly nice sequence number, but that says nothing about
the other end, especially if our side was the one that was in TIME_WAIT
at the end of the last connection. If your machine boots faster than
the timeout you risk replay/corruption errors on TCP sessions.

-- Eric Schenk www: http://www.loonie.net/~eschenk email: eschenk@loonie.net, eschenk@rogers.wave.ca

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu

Next message: Alex Belits: "Re: unicode (char as abstract data type)"
Previous message: Andi Kleen: "Re: How to protect syscalls against bottom half ints?"
Maybe in reply to: Gerhard Kutzelnigg: "help on fin_wait"