On Wed, Mar 22, 2000 at 02:25:16AM +1100, Darren Reed wrote:
>
> The general gist of this problem is poorly implemented TCP connection
> state tracking. You *must* track window sizes and sequence numbers
> and acknowledgments to at least reduce the chance of any given TCP
> packet from "outside" actually being part of that connection.
>
The current implementation of this in IPfilter will be covered in
a paper that is due for SANE2000 (http://www.nluug.nl/events/sane2000/).
The submitted paper can be found at
http://www.iae.nl/users/guido/papers/tcp_filtering.ps.gz
Comments are welcome!
-Guido
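
The kind of check the quoted paragraph calls for, as an added example that is not part of the original message and is not IP Filter's code: a simplified per-connection test that accepts a segment only if its sequence and acknowledgment numbers fit the windows both ends have advertised. The struct, function names, `MAX_ACK_LAG` value and sample numbers are assumptions; window scaling and SYN/FIN/RST handling are left out.

```c
#include <stdint.h>
#include <stdio.h>

/* Per-endpoint state for one tracked connection (hypothetical names). */
struct peer {
    uint32_t end;     /* highest seq + len this peer has sent            */
    uint32_t maxend;  /* highest ack + win the other side has granted it */
    uint32_t maxwin;  /* largest window this peer has advertised         */
};

#define MAX_ACK_LAG (65535u + 1500u) /* assumed bound on how stale an ACK may be */

/* Wraparound-safe "a <= b" in 32-bit sequence space. */
static int seq_leq(uint32_t a, uint32_t b) { return (int32_t)(a - b) <= 0; }

/* Return 1 (and update state) if the segment fits the connection, else 0. */
int tcp_in_window(struct peer *src, struct peer *dst,
                  uint32_t seq, uint32_t len, uint32_t ack, uint16_t win)
{
    uint32_t seg_end = seq + len;

    if (!seq_leq(seg_end, src->maxend))         return 0; /* past granted window */
    if (!seq_leq(src->end - dst->maxwin, seq))  return 0; /* data too old        */
    if (!seq_leq(ack, dst->end))                return 0; /* acks unsent data    */
    if (!seq_leq(dst->end - MAX_ACK_LAG, ack))  return 0; /* ack too old         */

    /* Accepted: advance what we know about both endpoints. */
    if (!seq_leq(seg_end, src->end))      src->end = seg_end;
    if (!seq_leq(ack + win, dst->maxend)) dst->maxend = ack + win;
    if (win > src->maxwin)                src->maxwin = win;
    return 1;
}

int main(void)
{
    /* Constructed state just after a handshake: inside host and outside host. */
    struct peer in  = { 1001u,  9193u, 8192u };
    struct peer out = { 5001u, 13193u, 8192u };

    printf("in-window data:    %d\n", tcp_in_window(&out, &in, 5001u, 100u, 1001u, 8192));
    printf("guessed sequence:  %d\n", tcp_in_window(&out, &in, 900000u, 100u, 1001u, 8192));
    printf("ack of unsent data: %d\n", tcp_in_window(&out, &in, 5101u, 0u, 50000u, 8192));
    return 0;
}
```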