Brian,
Question in-line...
Brian Ford wrote:
>
> With the new TCP intercept feature, once the optional embryonic
> connection limit is reached, and
> until the embryonic connection count falls below this threshold,
> every SYN bound for the affected server is intercepted. For each SYN,
> PIX Firewall responds on behalf of the server with an empty SYN/ACK
Could you clarify what's meant by an "empty SYN/ACK"? Maybe this is a
standard term, and I was absent that day of TCP 101 class... I assume
it has something to do with sequence numbers.
> segment. PIX Firewall retains pertinent state
> information, drops the packet, and waits for the client's
> acknowledgement. If the ACK is received, then a copy of the client's
> SYN segment is sent to the server and the TCP three-way handshake is
> performed between PIX Firewall and the server. If, and only if, this
> three-way handshake completes may the connection resume as normal.
> If the client does not respond during any part of the
> connection phase, then PIX Firewall retransmits the necessary segment
> using exponential back-offs.
So assuming a client responds appropriately, is the pix doing some sort
of sequence number translation, or is this closer to, or actually,
(generically) proxying the connection?
Thanks,
Michael
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
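The intercept behaviour quoted above, as an added simulation that is not part of the original thread and not PIX code: a hypothetical SYN proxy that passes SYNs through while the server's half-open count is below the embryonic limit, and once the limit is reached answers every SYN itself with a SYN/ACK carrying no data, drops the SYN, replays it to the server only after the client returns the matching ACK, and retransmits with exponential back-off before expiring entries that never answer. The `SynProxy` class, its state names, the 64000-per-connection ISN step, the 1s base timer and the four-attempt cap are all assumptions of this model; the spoofed and legitimate clients in `scenario()` are constructed input.

```python
"""Constructed model of a TCP-intercept style SYN proxy (not PIX code)."""
from dataclasses import dataclass, field
from enum import Enum, auto


class State(Enum):
    PASS_THROUGH = auto()   # SYN forwarded untouched; server does the handshake
    SYN_SEEN = auto()       # proxy sent its SYN/ACK; waiting for the client ACK
    TO_SERVER = auto()      # client proved itself; waiting for server SYN/ACK
    ESTABLISHED = auto()


@dataclass
class Entry:
    state: State
    client_isn: int
    proxy_isn: int = 0
    attempts: int = 1
    next_retry_at: float = 0.0


@dataclass
class SynProxy:
    embryonic_limit: int
    base_rto: float = 1.0        # assumption: retransmit after 1s, 2s, 4s ...
    max_attempts: int = 4        # assumption: give up after the 4th attempt
    table: dict = field(default_factory=dict)
    server_rx: list = field(default_factory=list)   # segments the server saw
    _isn: int = 1000

    def embryonic(self) -> int:
        """Half-open connections the protected server is currently holding."""
        return sum(1 for e in self.table.values()
                   if e.state in (State.PASS_THROUGH, State.TO_SERVER))

    def intercepting(self) -> bool:
        return self.embryonic() >= self.embryonic_limit

    def _fresh_isn(self) -> int:
        self._isn += 64000       # assumption: stands in for a random ISN
        return self._isn

    def on_client_syn(self, key, client_isn, now):
        if not self.intercepting():
            self.table[key] = Entry(State.PASS_THROUGH, client_isn)
            self.server_rx.append(("SYN", key))
            return ("FORWARD", None)
        e = Entry(State.SYN_SEEN, client_isn, self._fresh_isn(),
                  next_retry_at=now + self.base_rto)
        self.table[key] = e
        # SYN/ACK with flags and numbers only, no payload; the SYN is dropped
        return ("SYN/ACK", {"seq": e.proxy_isn, "ack": client_isn + 1, "data": b""})

    def on_client_ack(self, key, ack, now):
        e = self.table.get(key)
        if e is None:
            return ("DROP", None)
        if e.state == State.PASS_THROUGH:
            e.state = State.ESTABLISHED      # server completed its own handshake
            return ("FORWARD", None)
        if e.state != State.SYN_SEEN or ack != e.proxy_isn + 1:
            return ("DROP", None)            # wrong or stale ACK: ignore it
        e.state = State.TO_SERVER
        e.attempts, e.next_retry_at = 1, now + self.base_rto
        self.server_rx.append(("SYN", key))  # replay the client's SYN now
        return ("SYN->SERVER", {"seq": e.client_isn})

    def on_server_synack(self, key, server_isn):
        e = self.table.get(key)
        if e is None or e.state != State.TO_SERVER:
            return ("DROP", None)
        e.state = State.ESTABLISHED          # proxy finishes the server-side handshake
        self.server_rx.append(("ACK", key))
        return ("ACK->SERVER", {"ack": server_isn + 1})

    def tick(self, now):
        """Retransmit overdue segments with exponential back-off; expire the rest."""
        events = []
        for key, e in list(self.table.items()):
            if e.state not in (State.SYN_SEEN, State.TO_SERVER) or now < e.next_retry_at:
                continue
            if e.attempts >= self.max_attempts:
                del self.table[key]
                events.append(("EXPIRE", key))
            else:
                e.attempts += 1
                e.next_retry_at = now + self.base_rto * 2 ** (e.attempts - 1)
                events.append(("RETRANSMIT", key, e.attempts))
        return events


def scenario():
    """Constructed run: two real half-open clients fill a limit of 2, then a flood."""
    p = SynProxy(embryonic_limit=2)
    p.on_client_syn("c1", 100, now=0)        # passed through, never ACKs
    p.on_client_syn("c2", 200, now=0)        # passed through, never ACKs
    for i in range(50):                      # spoofed SYNs that never ACK
        kind, seg = p.on_client_syn(f"spoof{i}", 5000 + i, now=0)
        assert kind == "SYN/ACK" and seg["data"] == b""
    kind, seg = p.on_client_syn("c3", 300, now=0)   # real client, intercepted
    p.on_client_ack("c3", seg["seq"] + 1, now=0.5)  # proves itself: SYN replayed
    p.on_server_synack("c3", 9000)                  # proxy completes the handshake
    schedule = [(t, p.tick(t)[0][0]) for t in (1, 3, 7, 15)]
    return p, schedule
```

In this model the server only ever sees the three real SYNs and the proxy's ACK for `c3`; the fifty spoofed entries are retransmitted at 1s, 3s and 7s and discarded at 15s without the server holding state for them. Note also that the proxy chose its own ISN toward the client while the server chose its own toward the proxy, so the two halves of an intercepted connection live in different sequence spaces; a design like this has to either translate sequence numbers or proxy the stream, which is the design question the reply above raises, and this model does not claim which of the two PIX does.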