Patch for iptables (Linux firewall)

Malcolm malcolm.parsons at
Thu Oct 25 00:10:09 CEST 2007

On 24/10/2007, Stefan Sperling <stsp at> wrote:
> On Wed, Oct 24, 2007 at 09:58:26PM +0200, Stefan Sperling wrote:
> > No, and I was talking nonesense anyway since you cannot
> > spoof a TCP connection (which telnet requires).
> > You'd never get the ACK :)
> Mmmh on the other hand you might not care about the ACK.

You can open a TCP connection without receiving the ACK if you can reliably
guess the initial sequence number contained in the ACK.

Linux uses a good random number generator, so we're probably safe.

Malcolm Parsons

More information about the dslinux-devel mailing list