A fatal flaw in TCP on Linux hijacks HTTPS connections. Here is the fix

If you are running Linux kernel 3.6 or newer, anyone in the world on a network that allows IP spoofing can hijack your encrypted communications in less than a minute, with a success rate of 90%.

Here is how to fix it.

Step 1. Open /etc/sysctl.conf in an editor.

Step 2. Add the line:

net.ipv4.tcp_challenge_ack_limit = 999999999

and save the file.

Step 3. At the prompt, use the shell command:

sysctl -p

This reloads /etc/sysctl.conf and applies the new value to the running kernel.
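The three steps above as a re-runnable script, added here as an example and not part of the original post. It goes slightly beyond the steps by replacing any existing assignment of the key instead of appending a second one, and by reading the value back; the function names and the `--apply` switch are hypothetical.

```shell
#!/bin/sh
# Added example: idempotently apply the page's sysctl setting and verify it.
KEY='net.ipv4.tcp_challenge_ack_limit'
KEY_RE='net\.ipv4\.tcp_challenge_ack_limit'   # same key, dots escaped for regex
VALUE='999999999'                             # value given in Step 2

# set_limit FILE: leave FILE with exactly one "KEY = VALUE" line.
# Any existing assignment of KEY (any spacing, any value) is dropped first,
# so a stale lower value cannot remain in the file.
set_limit() {
    conf="$1"
    tmp="$(mktemp)" || return 1
    if [ -f "$conf" ]; then
        # grep exits 1 when it outputs nothing; that is not an error here.
        grep -Ev "^[[:space:]]*${KEY_RE}[[:space:]]*=" "$conf" > "$tmp" || true
    fi
    printf '%s = %s\n' "$KEY" "$VALUE" >> "$tmp"
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# configured_limit FILE: print the value FILE assigns to KEY, empty if unset.
# sysctl -p applies lines top to bottom, so the last assignment wins.
configured_limit() {
    sed -n "s/^[[:space:]]*${KEY_RE}[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$1" \
        | tail -n 1
}

# running_limit: print the value the running kernel reports, if it exposes one.
running_limit() {
    cat /proc/sys/net/ipv4/tcp_challenge_ack_limit 2>/dev/null || true
}

# Steps 1-3 in one go; requires root. Nothing is changed without --apply.
if [ "${1:-}" = "--apply" ]; then
    set_limit /etc/sysctl.conf && sysctl -p
    echo "configured: $(configured_limit /etc/sysctl.conf)"
    echo "running:    $(running_limit)"
fi
```

Run it as root with `--apply`; the two printed values should both read 999999999.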

 
