On Fri, Jun 07, 2002 at 11:42:08AM +0200, Mikkel Christiansen wrote:
> Hi 
> 
> I'm still not sure I quite understand what actions an 
> ACK packet from an unregistered connection causes when 
> running in connection-pickup mode. Mainly, I'm interested
> in knowing whether it causes a new connection to be 
> registered in the connection table or not?

yes, of course, it causes a new conntrack table entry to be created.
the entry will be UNREPLIED.  So in case the other end behind the
firewall will reply with an ACK packet, we call the connection
ESTABLISHED.

In case we run out of conntrack entries, the UNREPLIED entries are
deleted, because they _could_ be from an ACK scan.

> Thanks for all the feedback - at least to us - this is 
> a quite interesting discussion.

... a discussion which has happened multiple times before.

look in the mailing list archives and search for conntrack entries with
high timeout and UNREPLIED state.

> -Mikkel

-- 
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]               http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M- 
V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-- b+++ DI? !D G+ e* h+ r% y+(*)
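
The pickup behaviour described in the reply above, as an added example that is not part of the original mail and is not netfilter code: a simplified Python model in which an ACK for an unknown connection creates an UNREPLIED entry, a reply promotes it to ESTABLISHED, and a full table sheds UNREPLIED entries first. The class name, the addresses, the oldest-first eviction order and the drop when nothing is evictable are assumptions made for the illustration.

```python
from collections import OrderedDict

UNREPLIED, ESTABLISHED, DROPPED = "UNREPLIED", "ESTABLISHED", "DROPPED"


class PickupTable:
    """Toy conntrack table keyed by (src, sport, dst, dport) of the first packet seen."""

    def __init__(self, max_entries):
        self.max_entries = max_entries
        self.entries = OrderedDict()  # insertion order = age, oldest first

    def _make_room(self):
        # Assumption: evict the oldest UNREPLIED entry; the mail only says
        # that UNREPLIED entries are the ones deleted when the table is full.
        victim = next((k for k, s in self.entries.items() if s == UNREPLIED), None)
        if victim is None:
            return False
        del self.entries[victim]
        return True

    def ack(self, src, sport, dst, dport):
        """Feed one TCP ACK packet; return the state of its connection."""
        key, reverse = (src, sport, dst, dport), (dst, dport, src, sport)
        if reverse in self.entries:
            # The other end answered: the picked-up connection is confirmed.
            self.entries[reverse] = ESTABLISHED
            return ESTABLISHED
        if key in self.entries:
            return self.entries[key]
        if len(self.entries) >= self.max_entries and not self._make_room():
            return DROPPED  # assumption: nothing evictable, so no new entry
        self.entries[key] = UNREPLIED
        return UNREPLIED


def demo():
    """Constructed traffic: one real connection, then an ACK scan of 5 ports."""
    t = PickupTable(max_entries=3)
    t.ack("10.0.0.2", 40000, "192.0.2.10", 22)   # picked up, UNREPLIED
    t.ack("192.0.2.10", 22, "10.0.0.2", 40000)   # reply -> ESTABLISHED
    for port in range(1, 6):                     # scan: replies never come
        t.ack("198.51.100.7", 55555, "192.0.2.10", port)
    return t


if __name__ == "__main__":
    for key, state in demo().entries.items():
        print(state, key)
```

In the constructed run the replied connection survives the scan while the scanner's entries keep displacing one another, which is the reason given in the mail for deleting UNREPLIED entries first.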
