Re: CONFIG_RANDOM option for 1.99.2

Theodore Y. Ts'o (tytso@mit.edu)
Thu, 16 May 1996 11:57:50 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: lilo: "Re: binfmt_java problems"
Previous message: John Henders: "Re: > 64 MB of RAM"
In reply to: lilo: "Re: Why not distribute Kernel and all related tools together"

From: Alan Cox <alan@cymru.net>
Date: Thu, 16 May 1996 09:40:56 +0100 (BST)

Is that true. You need monotonically increasing sequence space. We'd need to
make the MD5 part a small fragment of the sequence space (say 24bit) I
think ?

This idea isn't mine; it's actually Steve Bellovin's. The idea is that
each (local port, remote port, remote address) needs to have an
monotonically increasing sequence space. This is to prevent packets
from an old TCP connection from getting accepted as part of the new TCP
connection. However, there's no reason that two unrelated (local port,
remote port) sequences should have the same increasing sequence number
space. Hence, the kernel still keeps an initial seuquence number
counter, but for each (local port, remote port, remote address), you add
a 32 bit value which is derived by taking the MD5 of the above tuple
plus some initial random secret.

- Ted

Next message: lilo: "Re: binfmt_java problems"
Previous message: John Henders: "Re: > 64 MB of RAM"
In reply to: lilo: "Re: Why not distribute Kernel and all related tools together"