On 8/14/2013 2:53 PM, Andrew Deason wrote: > For many of them, this isn't their problem, so I don't see much pressure > for them to upgrade or even realize that this is happening. The people > that notice are those that are generating the callback breaks, or the > server operators. Currently those generating the callback breaks can't > do anything about this, and the best the server operator can do is play > firewall whack-a-mole, which is a losing battle. That's why I think > doing something about this on the server side is valuable.
Clients that are behind a NAT with an old enough client are very sad because every time the port mapping drops they are assigned a new port number. The file server then attempts to contact them at the old port number and fails. In the meantime they experience a timeout. I certainly received plenty of complaints from work at home end users. But remember, the problem is not limited to NAT environments. The problem is true for clients connected through VPNs and those connecting through firewalls with stateful packet analysis and even those with locally installed firewall products depending on the configuration. The addresses in use are not a hint that there is a problem. Nor is there is guarantee that sending the packets in an attempt to elicit a response is likely to prevent the traffic flow from being blocked. I'm quite skeptical this will help in a majority of cases. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
