On Fri, 2016-07-08 at 17:27 -0700, Yue Cao wrote:
> Hi Eric,
>
> Thank you for the email. After rethinking the suggested patch, our
> side-channel attack might still work.
>
> The main idea behind the patch is to change challenge_count lifetime
> from 1s to a random value in the range [0.5
From: Eric Dumazet
Yue Cao claims that current host rate limiting of challenge ACKs
(RFC 5961) could leak enough information to allow a patient attacker
to hijack TCP sessions. He will soon provide details in an academic
paper.
This patch increases the default limit from 100 to 1000, and adds
so