   comp.protocols.tcp-ip      TCP and IP network protocols.      14,669 messages   

   Message 13,139 of 14,669   
   Noah Davids to Jorgen Grahn   
   Re: sequence number rewrite   
   05 Nov 09 04:11:56   
   
   From: ndav1@cox.net   
      
   Jorgen Grahn wrote:   
   > On Wed, 2009-11-04, Noah Davids wrote:   
   >> Jorgen Grahn wrote:   
   >>> On Tue, 2009-11-03, Noah Davids wrote:   
   >>>> Pascal Hambourg wrote:   
   >>>>> Hello,   
   >>>>>   
   >>>>> Noah Davids a écrit :   
   >>>>>> Can anyone suggest what type of device would rewrite sequence numbers in   
   >>>>>> a connection?   
   >>>>> Stateful firewalls and NAT devices.   
   >>>> I thought of a NAT device but since the IP addresses and port numbers   
   >>>> are unchanged it didn't seem likely. Are you suggesting that a NAT   
   >>>> device might not rewrite addresses and port numbers?   
   >>>>   
   >>>> As far as a stateful firewall, I thought of that as well but I couldn't   
   >>>> think of a reason why it would bother to rewrite the sequence numbers   
   >>>> but leave everything else unchanged. Is there a reason?   
   >>> Don't know ... Whatever it is, it is stateful, and spends a lot of   
   >>> resources on this.  Your data must be valuable to this third party   
   >>> somehow ...   
   >>>   
   >>> Does this happen on "popular" ports only, or on any TCP ports?   
   >   
   > ...   
   >   
   >> The ports that this was first noticed on were not your typical ports. I   
   >> was trying to match up packets from both sides of the network to   
   >> understand a performance issue. As a test I tried a connection to the   
   >> echo port and saw the same behavior starting with the initial SYN packet.   
   >   
   > So you haven't tried any of the "popular" ports? I guess I mean HTTP.   
   >   
   > I can imagine evil men-in-the-middle to mess with HTTP only   
   > (transparent-proxy-something), or with everything *but* HTTP (punish   
   > people who use IP for more than "surfing the web").   
   >   
   > I suppose this means your TCP connections also get broken if they stay   
   > silent for more than N seconds. They must have some kind of timeout   
   > so they don't run out of memory.   
   >   
   > /Jorgen   
   >   
      
   We haven't noticed a timeout problem.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
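
Added example, not part of the original thread: one way to match packets captured on both sides of a device that rewrites sequence numbers is to compare each segment's sequence number relative to that side's SYN, modulo 2^32. The record layout, addresses, client port and sequence values are constructed sample data; only the echo port (7) comes from the thread.

```python
from collections import defaultdict

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around

def by_flow(capture):
    """Group (src, sport, dst, dport, flags, seq, length) records by directional 4-tuple."""
    flows = defaultdict(list)
    for src, sport, dst, dport, flags, seq, length in capture:
        flows[(src, sport, dst, dport)].append((flags, seq, length))
    return flows

def isn_of(packets):
    """Sequence number of the first SYN seen in this direction, or None."""
    return next((seq for flags, seq, _ in packets if "S" in flags), None)

def compare(cap_a, cap_b):
    """Per flow: ISN offset between the two capture points, and how many
    segments line up once sequence numbers are made relative to the ISN."""
    a_flows, b_flows = by_flow(cap_a), by_flow(cap_b)
    report = {}
    for flow in a_flows.keys() & b_flows.keys():
        isn_a, isn_b = isn_of(a_flows[flow]), isn_of(b_flows[flow])
        if isn_a is None or isn_b is None:
            report[flow] = {"status": "no SYN in one capture"}
            continue
        rel_a = {((seq - isn_a) % MOD, ln) for _, seq, ln in a_flows[flow]}
        rel_b = {((seq - isn_b) % MOD, ln) for _, seq, ln in b_flows[flow]}
        report[flow] = {
            "offset": (isn_b - isn_a) % MOD,   # constant added by the middlebox
            "rewritten": isn_a != isn_b,
            "matched": len(rel_a & rel_b),
            "only_a": len(rel_a - rel_b),      # seen before the device only
            "only_b": len(rel_b - rel_a),      # seen after the device only
        }
    return report

# Constructed sample: same flow seen on each side of the rewriting device.
FLOW = ("192.0.2.10", 40000, "198.51.100.5", 7)
CAP_A = [FLOW + p for p in [("S", 4294967000, 0), ("A", 4294967001, 0),
                            ("PA", 4294967001, 400), ("PA", 105, 100),
                            ("PA", 205, 50)]]   # sequence space wraps past 2^32
CAP_B = [FLOW + p for p in [("S", 1000, 0), ("A", 1001, 0),
                            ("PA", 1001, 400), ("PA", 1401, 100)]]

if __name__ == "__main__":
    for flow, result in compare(CAP_A, CAP_B).items():
        print(flow, result)
```

A non-zero `only_a` or `only_b` count points at segments that did not cross the device, which is the kind of evidence a performance investigation like the one described needs.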
