Timothy Newsham says: > > I've only got one novel idea: instead of using tcp_iss directly > > for the SYN everytime a new TCP/IP connection is opened, send > > MD5(tcp_iss) [or maybe MD5(tcp_iss, time(NULL), ...)]. > > This sounds awefully expensive. One md5 operation for each > new passive or active connection. Compared to the draft I just wrote for the MD5 based Authentication Header for IPv4 which does an MD5 for each packet, this is very lightweight indeed. :-)