From: m@rtij.nl.invlalid   
      
   On Tue, 03 Nov 2009 04:30:48 -0700, Noah Davids wrote:   
      
   > Can anyone suggest what type of device would rewrite sequence numbers in   
   > a connection.   
   >   
   > I have traces from both sides of a connection going between 2 systems 5   
   > hops apart. The packets have the same IP addresses, ports, IP ID values,   
   > packet length, and data. The one thing that is different are the   
   > sequence numbers. Each side sees a consistent set of sequence numbers so   
   > the connection progresses without problems but the sequence numbers are   
   > completely different at each host.   
   >   
   > It is almost as if there is a proxy between the two but I would expect a   
   > proxy to rewrite the ID values and possibly at least one of the IP   
   > addresses and port numbers.   
      
   Any firewall that tries to handle SYN floods by spoofing the connection   
   until the three way handshake is complete. Firewall-1 does this for   
   instance and I suspect others as well.   
      
   HTH,   
   M4   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)