Firewall Wizards mailing list archives
RE: FW Sequence Number based statefulness
From: Carson Gaspar <carson () taltos org>
Date: Mon, 14 May 2001 14:37:43 -0700
--On Monday, May 14, 2001 2:18 PM -0700 Peter Crocker <pcrocker () netscreen com> wrote:
window. (The window may use an appropriately selected fixed value, say 32 or 64K, rather than strictly monitoring the window. The implementation
No, it may not. If you do, you'll break large window support. You either must make it the largest legal scaled window (which makes for rather easy sequence spoofing), or you have to monitor the actual window negotiation, or (best) monitor the actual windows being transmitted.
-- Carson _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: FW Sequence Number based statefulness Peter Crocker (May 16)
- RE: FW Sequence Number based statefulness Nimesh vakharia (May 16)
- RE: FW Sequence Number based statefulness Carson Gaspar (May 16)
- RE: FW Sequence Number based statefulness Ofir Arkin (May 16)
- <Possible follow-ups>
- RE: FW Sequence Number based statefulness Nimesh vakharia (May 16)