On Mon, Nov 11, 2002 at 01:34:03PM +0100, Richard Mueller wrote: > Any Ideas? I don't have any :-(
The snort box isn't replying to the packets, is it? If those packets reach its stack, the stack might try to forward them or reply with RSTs, thus disturbing the handshake (when such packets get back to the pf box). Can you tcpdump and look for replies, or block them from being sent by the snort box? Daniel
