Re: pps or other unknown upper bound?
On 11/17/2005 12:57:06 PM, Jon Hart wrote:
On Thu, Nov 17, 2005 at 12:34:53PM -0600, Kevin wrote:
> I think this is a key point -- the client is removing the quad from
> TIME-WAIT and sees it as eligible for reuse, meanwhile the firewall
> and/or the server still has this closed session state table entry in
> *WAIT state.
If I find out more, I'll be sure to let the list know.
Take a look at the RFC for TCP, it's in there.
I dealt with it in my firewall rules by not using state.
Regular old packet filtering works fine. But it is
ugly/less secure. I would love to see an elegant solution
but am unclear if there really is one conformant to the
Karl <[email protected]>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein