Re: [fw-wiz] Firewalls that generate new packets..



jdgorin@xxxxxxxxxxxx wrote:
> I also remember that early Checkpoint firewalls broke FTP connection if the PORT
> command and the PORT arguments were sent in different packets (back in those
> old times, some FTP gateways did that kind of trick).
> That was deep but not smart inspection!

That was a side effect of the fact that they didn't do TCP reassembly,
packet defragmentation, or re-ordering. I always figured that they were
just doing a case-independent compare for "PORT " at the beginning
of the packet data.

Heck of a "state" engine, huh?

mjr.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
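
The failure mode discussed in this thread, as an added example that is not part of the original posts and is not any vendor's code: a per-packet "PORT " compare next to a matcher that reassembles the control stream by sequence number before parsing. All function names, sequence numbers and sample segments are constructed for illustration.

```python
# Added illustration: names and sample segments are constructed, not from the post.

def parse_port_args(args: bytes):
    """Parse 'h1,h2,h3,h4,p1,p2<CRLF>' into (ip, port); None if incomplete or malformed."""
    line, crlf, _ = args.partition(b"\r\n")
    parts = line.strip().split(b",")
    if not crlf or len(parts) != 6:
        return None
    if not all(p.isdigit() and int(p) < 256 for p in parts):
        return None
    n = [int(p) for p in parts]
    return "%d.%d.%d.%d" % tuple(n[:4]), n[4] * 256 + n[5]

def naive_port_check(payload: bytes):
    """Per-packet check: case-independent compare for 'PORT ' at the start of the data."""
    if payload[:5].upper() != b"PORT ":
        return None
    return parse_port_args(payload[5:])

class ControlStream:
    """One direction of an FTP control connection, reassembled by sequence number.
    Assumes no overlapping segments and no sequence wraparound."""
    def __init__(self, first_seq: int):
        self.next_seq = first_seq
        self.pending = {}   # seq -> payload, held until the gap before it is filled
        self.buf = b""      # in-order bytes not yet terminated by CRLF

    def segment(self, seq: int, payload: bytes):
        """Feed one TCP segment; return the PORT targets completed by it."""
        if seq >= self.next_seq:            # older data is a retransmission, drop it
            self.pending[seq] = payload
        while self.next_seq in self.pending:
            data = self.pending.pop(self.next_seq)
            self.next_seq += len(data)
            self.buf += data
        found = []
        while b"\r\n" in self.buf:
            line, _, self.buf = self.buf.partition(b"\r\n")
            target = naive_port_check(line + b"\r\n")
            if target:
                found.append(target)
        return found

def demo():
    split = [(1000, b"PORT "), (1005, b"192,0,2,10,19,137\r\n")]
    per_packet = [naive_port_check(p) for _, p in split]
    stream = ControlStream(1000)
    reassembled = [stream.segment(s, p) for s, p in reversed(split)]  # out of order
    return per_packet, reassembled

if __name__ == "__main__":
    print(demo())
```

The per-packet check sees neither segment as a complete PORT command, while the reassembled stream yields the data-channel target once the gap is filled. An inspector built this way also needs a cap on buffered bytes per connection, which this example omits.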