Penetration Testing mailing list archives

RE: identifying


From: "Davis, Scott" <Scott_Davis () troweprice com>
Date: Thu, 31 May 2001 14:39:01 -0400

I am not sure about the Pix, but Checkpoint running on Solaris or NT could
have different timeout values based on the OS. Also, the administrator could
have modified the setting. I know when we build firewalls, we modify the OS
config to reduce the timeout in order to reduce the number of concurrent
connections.

Thanks, 
Scott Davis
Internet Security Specialist
T.Rowe Price 
(410) 345-3153 Work

-----Original Message-----
From: Mr.P.Taylor [mailto:petert () imagine-sw com]
Sent: Wednesday, May 30, 2001 4:47 PM
To: PEN-TEST () securityfocus com
Subject: identifying 


If Checkpoint uses a 60sec timeout for establishing a 3way and PIX
uses a 300sec timeout (which seems too large but it's all the info I could
find on it)
and Gauntlet uses ??? could you not just send
the initial SYN, wait the timeout value, then try to complete the handshake?
After exceeding the timeout value would the socket not be closed and
would you not get a RST back, thus identifying by timeout?


