Re: [fw-wiz] Post connection SYN
From: Mikael Olsson (mikael.olsson_at_clavister.com)
To: Raghuveer <firstname.lastname@example.org> Date: Fri, 17 Oct 2003 15:45:12 +0200
> I would like to know how SPI-firewall/IDS would handle the following
> [connect from A:x -> B:y, restart A, connect again, same tuples]
Firewalls that track TCP state and/or sequence numbers will drop
or reject the second connect attempt.
Think that's bad? Well, somewhat, but even if the firewall _could_
somehow magically determine that this is a "nice" SYN and let it
through, it wouldn't make one bit of difference.
That fact is, B's TCP stack won't listen to such packets either.
It'll reject those SYNs. This is why fixed source-port TCP-based
protocols is a Bad Idea.
-- Mikael Olsson, Clavister AB Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05 Fax: +46 (0)660 122 50 WWW: http://www.clavister.com _______________________________________________ firewall-wizards mailing list email@example.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards