[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pps or other unknown upper bound?

On 11/17/2005 12:57:06 PM, Jon Hart wrote:
On Thu, Nov 17, 2005 at 12:34:53PM -0600, Kevin wrote:
> I think this is a key point -- the client is removing the quad from
> TIME-WAIT and sees it as eligible for reuse, meanwhile the firewall
> and/or the server still has this closed session state table entry in
> *WAIT state.

If I find out more, I'll be sure to let the list know.

Take a look at the RFC for TCP, it's in there.

I dealt with it in my firewall rules by not using state.
Regular old packet filtering works fine.  But it is
ugly/less secure.  I would love to see an elegant solution
but am unclear if there really is one conformant to the
TCP standard.

Karl <[email protected]>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein