Firewall Wizards mailing list archives
Re: Post connection SYN
From: Mikael Olsson <mikael.olsson () clavister com>
Date: Fri, 17 Oct 2003 15:45:12 +0200
Raghuveer wrote:

> Hi, I would like to know how SPI-firewall/IDS would handle the following scenario. [connect from A:x -> B:y, restart A, connect again, same tuples]

Firewalls that track TCP state and/or sequence numbers will drop or reject the second connect attempt.

Think that's bad? Well, somewhat, but even if the firewall _could_ somehow magically determine that this is a "nice" SYN and let it through, it wouldn't make one bit of difference. The fact is, B's TCP stack won't listen to such packets either. It'll reject those SYNs.

This is why fixed source-port TCP-based protocols are a Bad Idea.

--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50 WWW: http://www.clavister.com
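To make the behaviour Mikael describes concrete, here is a toy stateful-inspection connection tracker written for this archive page (it is not Clavister code and not from the original thread). It keeps one TCP state per 4-tuple and replays Raghuveer's scenario: a completed handshake from A:40000 to B:80, then a fresh SYN on the same tuple after A restarts. The hosts, ports and flag strings are constructed sample values.

```python
"""Toy SPI connection tracker: TCP state per 4-tuple, no sequence-number
checks. Illustration only, not a real firewall implementation."""
from dataclasses import dataclass

SYN_SENT, ESTABLISHED = "SYN_SENT", "ESTABLISHED"


@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "S" = SYN, "SA" = SYN/ACK, "A" = ACK, "R" = RST


class Tracker:
    def __init__(self):
        self.table = {}  # normalised 4-tuple -> state

    def key(self, p):
        # Both directions of a flow must map to the same state entry.
        a, b = (p.src, p.sport), (p.dst, p.dport)
        return (a, b) if a <= b else (b, a)

    def handle(self, p):
        """Return 'ALLOW' or 'DROP' for the packet and update the state table."""
        k = self.key(p)
        st = self.table.get(k)
        if "R" in p.flags:                 # a RST tears the entry down
            self.table.pop(k, None)
            return "ALLOW" if st else "DROP"
        if "S" in p.flags:                 # SYN or SYN/ACK
            if p.flags == "S" and st is None:
                self.table[k] = SYN_SENT   # fresh handshake
                return "ALLOW"
            if p.flags == "SA" and st == SYN_SENT:
                self.table[k] = ESTABLISHED
                return "ALLOW"
            return "DROP"                  # SYN inside a tracked flow: the case in the post
        return "ALLOW" if st == ESTABLISHED else "DROP"


def replay_scenario():
    """A:40000 -> B:80 connects, A reboots, A reuses the same tuple."""
    t = Tracker()
    syn = Pkt("A", 40000, "B", 80, "S")
    synack = Pkt("B", 80, "A", 40000, "SA")
    ack = Pkt("A", 40000, "B", 80, "A")
    first = [t.handle(syn), t.handle(synack), t.handle(ack)]  # normal handshake
    second = t.handle(syn)                 # post-reboot SYN on the same tuple: dropped
    rst = t.handle(Pkt("B", 80, "A", 40000, "R"))  # only a teardown (or timeout) frees the tuple
    third = t.handle(syn)                  # after that, a new handshake is allowed again
    return first, second, rst, third
```

The tuple stays unusable until the stale entry is torn down or idles out, which is the practical reason a client that binds a fixed source port cannot reconnect promptly after a restart.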
Current thread:
- Post connection SYN Raghuveer (Oct 17)
- Re: Post connection SYN Mikael Olsson (Oct 17)
- Re: Post connection SYN Paul Robertson (Oct 17)
- Re: Post connection SYN Mikael Olsson (Oct 17)
- Re: Post connection SYN Paul Robertson (Oct 17)
- Re: SYN flood protection strategies (Was: Post connection SYN) Mikael Olsson (Oct 17)
- Re: SYN flood protection strategies (Was: Post connection SYN) Paul Robertson (Oct 17)
- Re: SYN flood protection strategies (Was: Post connectionSYN) Mikael Olsson (Oct 17)
- Re: SYN flood protection strategies (Was: Post connection SYN) Chuck Swiger (Oct 17)
- Re: SYN flood protection strategies (Was: Post connection SYN) Paul Robertson (Oct 17)
- Re: SYN flood protection strategies (Was: Post connection SYN) Chuck Swiger (Oct 17)
- Re: Post connection SYN Mikael Olsson (Oct 17)