On Wed, 24 Sep 2008 11:23:28 -0400, Suresh Krishnan <[EMAIL PROTECTED]> wrote: > 1) Inside_Host(Port X)->Outside_Host(Port Y) SYN=1,ACK=0 > 2) Outside_Host(Port Y)->Inside Host(Port X) SYN=1,ACK=1 > 3) Inside_Host(Port X)->Outside_Host(Port Y) SYN=0,ACK=1 > > ... > > 99) Outside_Host(Port Y)->Inside Host(Port X) SYN=0,ACK=1 > (Fragment: OH(Port Z)->IH(Port 80) SYN=1,ACK=0) > > The packet numbered 99) will not be filtered even by a stateful firewall.
But then the dialog is established and a SYN=1 ACK=0 packet in the reverse direction is not really an issue. In fact some stateful firewalls may even allow the packet due to optimizations. -- Rémi Denis-Courmont -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
