Re: [fw-wiz] Post connection SYN

From: Mikael Olsson (
Date: 10/17/03

  • Next message: Paul Robertson: "Re: [fw-wiz] Post connection SYN"
    To: Raghuveer <>
    Date: Fri, 17 Oct 2003 15:45:12 +0200

    Raghuveer wrote:
    > Hi,
    > I would like to know how SPI-firewall/IDS would handle the following
    > scenario.
    > [connect from A:x -> B:y, restart A, connect again, same tuples]

    Firewalls that track TCP state and/or sequence numbers will drop
    or reject the second connect attempt.

    Think that's bad? Well, somewhat, but even if the firewall _could_
    somehow magically determine that this is a "nice" SYN and let it
    through, it wouldn't make one bit of difference.

    That fact is, B's TCP stack won't listen to such packets either.
    It'll reject those SYNs. This is why fixed source-port TCP-based
    protocols is a Bad Idea.

    Mikael Olsson, Clavister AB
    Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
    Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
    Fax: +46 (0)660 122 50       WWW:
    firewall-wizards mailing list

  • Next message: Paul Robertson: "Re: [fw-wiz] Post connection SYN"