Hi,

On Sun, Jan 23, 2022 at 05:10:42PM +0100, james list wrote:
> I suspect the current Cisco implementation does not change MSS because the
> syn-ack does not contain the MSS option.

If there is no MSS option, nothing can be adjusted - one would need extra
code to *add* such an option, which is more complex than "change one
number and adjust the checksum".

So, get your firewall vendor to fix their SYN-ACK-spoofing code.

gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
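
The point made in the message above, as an added example that is not part of the original post and not Cisco's code: an MSS clamp rewrites an existing option value and patches the TCP checksum incrementally (RFC 1624), so a SYN-ACK without the option passes through untouched. The function names, addresses, ports and the 1360 limit used with it are assumptions made for illustration.

```python
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum; 0 means the data carries a valid checksum."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def clamp_mss(seg: bytes, limit: int):
    """Lower an existing MSS option to `limit`; returns (segment, changed)."""
    seg = bytearray(seg)
    end = min((seg[12] >> 4) * 4, len(seg))    # data offset -> header length
    i = 20
    while i < end and seg[i] != 0:             # kind 0: end of option list
        if seg[i] == 1:                        # kind 1: NOP, single byte
            i += 1
            continue
        if i + 1 >= end or seg[i + 1] < 2 or i + seg[i + 1] > end:
            break                              # malformed: leave untouched
        if seg[i] == 2 and seg[i + 1] == 4:    # kind 2: MSS
            old = struct.unpack_from("!H", seg, i + 2)[0]
            if old <= limit:
                break
            struct.pack_into("!H", seg, i + 2, limit)
            m, m_new = old, limit
            if i % 2:                          # value straddles two 16-bit words
                m, m_new = (((v >> 8) | (v << 8)) & 0xFFFF for v in (old, limit))
            hc = struct.unpack_from("!H", seg, 16)[0]
            total = (~hc & 0xFFFF) + (~m & 0xFFFF) + m_new   # RFC 1624 eq. 3
            while total >> 16:
                total = (total & 0xFFFF) + (total >> 16)
            struct.pack_into("!H", seg, 16, ~total & 0xFFFF)
            return bytes(seg), True
        i += seg[i + 1]
    return bytes(seg), False                   # no MSS option: nothing to adjust

# Constructed sample data: documentation addresses, made-up ports and sequence numbers.
PSEUDO = bytes([192, 0, 2, 1, 198, 51, 100, 2, 0, 6])   # src, dst, zero, proto TCP

def syn_ack(options: bytes) -> bytes:
    """Build a SYN-ACK header with the given options and a valid checksum."""
    hdr = struct.pack("!HHIIBBHHH", 443, 50000, 1000, 2001,
                      (5 + len(options) // 4) << 4, 0x12, 65535, 0, 0) + options
    c = csum(PSEUDO + len(hdr).to_bytes(2, "big") + hdr)
    return hdr[:16] + c.to_bytes(2, "big") + hdr[18:]

def valid(seg: bytes) -> bool:
    return csum(PSEUDO + len(seg).to_bytes(2, "big") + seg) == 0
```

Adding the option instead would mean growing the header, raising the data offset and the IP total length, and recomputing both checksums, which is the extra code the message refers to.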
