I have a question about the statement below. Does the use of 'modulate state' really disguise the OS of computers behind your OpenBSD NAT/pf firewall box? I have not found this to be the case, but I don't know if this is because I'm using the FreeBSD port or not. Can someone clarify?
Thanks for your time.

Aaron

> The sequence number generation on many OSes is poor, allowing for
> easier attacks, and often OS guessing. With keep state PF keeps
> track of the 'stage' of connection setup/teardown and also
> the CORRECT sequence numbers midway through a connection, blocking
> inappropriate packets. With modulate state PF translates the
> sequence numbers for ones that are more random, making insertion and
> OS guessing more difficult (in fact the OS will look like the best
> one out there - OpenBSD :-) )
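
The sequence-number translation described in the quoted text, as an added example that is not part of the original post or of pf's source: a simplified model in which the firewall picks a random per-connection offset, adds it to outbound sequence numbers and subtracts it from inbound acknowledgements. The `WeakHost` generator with its fixed 64000 step, and all class and function names, are constructed for illustration.

```python
import random

MOD = 2**32  # TCP sequence numbers wrap at 32 bits


class WeakHost:
    """Constructed stand-in for an OS with a poor ISN generator (fixed step)."""
    def __init__(self, start=1000):
        self.next_isn = start

    def new_isn(self):
        isn = self.next_isn
        self.next_isn = (self.next_isn + 64000) % MOD
        return isn


class ModulatingState:
    """One state entry holding a random per-connection offset (model assumption)."""
    def __init__(self, rng):
        self.offset = rng.randrange(1, MOD)

    def outbound_seq(self, seq):
        # inside host -> outside: the wire sees the translated number
        return (seq + self.offset) % MOD

    def inbound_ack(self, ack):
        # outside peer -> inside host: undo the translation
        return (ack - self.offset) % MOD


def observed_isns(n, rng, modulate):
    """ISNs an outside observer sees for n new connections from one host."""
    host = WeakHost()
    seen = []
    for _ in range(n):
        isn = host.new_isn()
        seen.append(ModulatingState(rng).outbound_seq(isn) if modulate else isn)
    return seen


def deltas(isns):
    """Differences between consecutive ISNs, the pattern an observer would study."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


if __name__ == "__main__":
    rng = random.SystemRandom()
    print("without modulation:", deltas(observed_isns(6, rng, False)))
    print("with modulation   :", deltas(observed_isns(6, rng, True)))
```

The model rewrites sequence numbers only; other header fields that fingerprinting tools examine, such as TTL, window size and TCP options, are not touched by it.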
