Hello!
> If you (or anyone) could point me to some more information, I'd greatly
> appreciate it.
Well, as a rule it is easy to understand by looking at tcpdumps.
I cannot enumerate all the ways in which broken firewalls mangle packets
with tcp options. For now I remember:
1. Deleting all the options (in principle, it is OK), but forgetting to adjust
tcp header length.
1a. When options are present, tcp header length is reset to 20 bytes. 8)
2. Deleting options and forgetting to update checksum.
3. Deleting options _sometimes_, guided by unknown criteria.
4. When NATing, checksum was updated wrongly in packets with tcp options.
It seems those firewalls which "improve" the tcp stream by mangling the tcp
window or by filtering ACKs are all broken, without exception. (It is a joke,
I simply cannot hear about "good" exemplars physically.)
Alexey
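
Added example, not part of the original message: a small Python checker that flags the per-packet symptoms of items 1, 1a, 2 and 4 in a captured IPv4 TCP segment. The function names, finding labels, addresses and sample segments are all constructed for illustration.

```python
import socket
import struct

def ones_sum(data: bytes) -> int:
    """RFC 1071 16-bit one's-complement sum (not inverted)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, tcp_len)

def check_segment(src: str, dst: str, seg: bytes) -> list:
    """Findings for one IPv4 TCP segment (TCP header + payload, as captured)."""
    if len(seg) < 20:
        return ["truncated"]
    findings = []
    hlen = (seg[12] >> 4) * 4              # data offset field, in bytes
    syn = bool(seg[13] & 0x02)
    if hlen < 20 or hlen > len(seg):
        findings.append("header-length-beyond-segment")  # item 1
    elif syn and len(seg) > hlen:          # heuristic; TCP Fast Open also does this
        findings.append("syn-with-payload")              # item 1a
    if ones_sum(pseudo_header(src, dst, len(seg)) + seg) != 0xFFFF:
        findings.append("bad-checksum")                  # items 2 and 4
    return findings

def build_syn(src: str, dst: str, options: bytes) -> bytes:
    """Constructed sample: a SYN with the given options and a valid checksum."""
    offset = (20 + len(options)) // 4
    hdr = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, offset << 4, 0x02, 65535, 0, 0)
    seg = hdr + options
    csum = 0xFFFF - ones_sum(pseudo_header(src, dst, len(seg)) + seg)
    return seg[:16] + struct.pack("!H", csum) + seg[18:]

# Constructed samples (documentation addresses, MSS option = 1460).
SRC, DST = "192.0.2.1", "198.51.100.7"
MSS = bytes([2, 4, 0x05, 0xB4])
good = build_syn(SRC, DST, MSS)
bare = build_syn(SRC, DST, b"")
item1 = good[:20]                                   # options cut, length field kept
item1a = good[:12] + bytes([5 << 4]) + good[13:]    # options kept, length reset to 20
item2 = bare[:16] + good[16:18] + bare[18:]         # options cut, stale checksum

if __name__ == "__main__":
    for name, seg in [("good", good), ("1", item1), ("1a", item1a), ("2", item2)]:
        print(name, check_segment(SRC, DST, seg))
```

A capture taken on the sending host with checksum offload enabled will show bad checksums that are not the firewall's fault, so compare captures from both sides of the device.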