Decius wrote:
] Reknamorken wrote:
]
] ] Hrm... Why would the firewall mess with the sequence
] numbers?
] ] I guess it depends on the firewall. A PIX would, but a
] ] Checkpoint wouldn't, would it? I mean, the Layer 3+ stuff
] is
] ] all handled by the endpoints isn't it??
]
] You are correct that it depends. If anything, the checkpoint
] is going to be more trouble then the pix. Things like fragment
] reassembly and certain kinds of syn defender gateways may
] cause a little bit of trouble. Eitherway, you are definately
] going to have to sniff the outbound traffic from the online
] firewall because you are not going to make the same port
] number decisions when NATing unless you have a very tight
] algorithm for this and you can ensure (HA!) that both
] firewalls are getting all the packets in the SAME ORDER.

Ah. You're assuming NAT. I'm assuming a situation without NAT.

Anyway, it's interesting...

RE: Slashdot | Black Ops of TCP/IP: Paketto Keiretsu 1.0 Release