Decius wrote:
] Reknamorken wrote:
] ] Hrm... Why would the firewall mess with the sequence numbers?
] ] I guess it depends on the firewall. A PIX would, but a Checkpoint wouldn't, would it? I mean, the Layer 3+ stuff is all handled by the endpoints isn't it??
]
] You are correct that it depends. If anything, the checkpoint is going to be more trouble than the pix. Things like fragment reassembly and certain kinds of syn defender gateways may cause a little bit of trouble. Either way, you are definitely going to have to sniff the outbound traffic from the online firewall because you are not going to make the same port number decisions when NATing unless you have a very tight algorithm for this and you can ensure (HA!) that both firewalls are getting all the packets in the SAME ORDER.

Ah. You're assuming NAT. I'm assuming a situation without NAT. Anyway, it's interesting...

RE: Slashdot | Black Ops of TCP/IP: Paketto Keiretsu 1.0 Release