
   comp.protocols.tcp-ip      TCP and IP network protocols.      14,669 messages   


   Message 13,134 of 14,669   
   Jorgen Grahn to Noah Davids   
   Re: sequence number rewrite   
   04 Nov 09 09:51:24   
   
   From: grahn+nntp@snipabacken.se   
      
   On Wed, 2009-11-04, Noah Davids wrote:   
   > Jorgen Grahn wrote:   
   >> On Tue, 2009-11-03, Noah Davids wrote:   
   >>> Pascal Hambourg wrote:   
   >>>> Hello,   
   >>>>   
   >>>> Noah Davids wrote:   
   >>>>> Can anyone suggest what type of device would rewrite sequence numbers in   
   >>>>> a connection.   
   >>>> Stateful firewalls and NAT devices.   
   >>> I thought of a NAT device but since the IP addresses and port numbers   
   >>> are unchanged it didn't seem likely. Are you suggesting that a NAT   
   >>> device might not rewrite addresses and port numbers?   
   >>>   
   >>> As far as a stateful firewall, I thought of that as well but I couldn't   
   >>> think of a reason why it would bother to rewrite the sequence numbers   
   >>> but leave everything else unchanged. Is there a reason?   
   >>   
   >> Don't know ... Whatever it is, it is stateful, and spends a lot of   
   >> resources on this.  Your data must be valuable to this third party   
   >> somehow ...   
   >>   
   >> Does this happen on "popular" ports only, or on any TCP ports?   
      
   ...   
      
   > The ports that this was first noticed on were not your typical ports. I   
   > was trying to match up packets from both sides of the network to   
   > understand a performance issue. As a test I tried a connection to the   
   > echo port and saw the same behavior starting with the initial SYN packet.   
      
   So you haven't tried any of the "popular" ports? I guess I mean HTTP.   
      
   I can imagine evil men-in-the-middle messing with HTTP only   
   (transparent-proxy-something), or with everything *but* HTTP (punishing   
   people who use IP for more than "surfing the web").   
      
   I suppose this means your TCP connections also get broken if they stay   
   silent for more than N seconds. They must have some kind of timeout   
   so they don't run out of memory.   
      
   /Jorgen   
      
   --   
     // Jorgen Grahn    O  o   .   
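
Added example, not part of the original post: one way to line up packets captured on both sides of a device that rewrites sequence numbers from the initial SYN onward, by comparing sequence numbers relative to each side's ISN. The function names and the packet tuples are hypothetical and constructed for illustration, and a constant per-direction offset is an assumption the thread does not confirm.

```python
MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap

def relative(packets):
    """Return (isn, set of (relative_seq, payload_len)) for one direction.

    packets: (seq, payload_len, flags) tuples as read from a capture.
    """
    isn = next(seq for seq, _len, flags in packets if "S" in flags)
    return isn, {((seq - isn) % MOD, length) for seq, length, _f in packets}

def compare_captures(near, far):
    """Line up one direction of one connection seen at two capture points."""
    near_isn, near_rel = relative(near)
    far_isn, far_rel = relative(far)
    return {
        "rewritten": near_isn != far_isn,
        "offset": (far_isn - near_isn) % MOD,     # assumed constant per direction
        "only_near": sorted(near_rel - far_rel),  # seen near side only
        "only_far": sorted(far_rel - near_rel),   # seen far side only
    }

# Constructed sample: client-to-server packets of one connection. The near-side
# ISN sits just below 2**32 so the third data segment wraps; the far side sees a
# different ISN and is missing the last segment.
NEAR = [(4294967000, 0, "S"), (4294967001, 200, "PA"),
        (4294967201, 200, "PA"), (105, 50, "PA")]
FAR = [(1000, 0, "S"), (1001, 200, "PA"), (1201, 200, "PA")]

if __name__ == "__main__":
    print(compare_captures(NEAR, FAR))
```

Segments that the device split or merged would appear in both `only_near` and `only_far`, which separates resegmentation from plain loss.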
      