Hi, Yet, the OS should perform cleanup by implementing a tcp timeout ( default 3600 seconds ). There are many protocols that doesn't send a FIN packet, yet they manage to terminate the session.
Regards, Leonard Ong Network Security Specialist, APAC NOKIA Email. [EMAIL PROTECTED] Mobile. +65 9431 6184 Phone. +65 6723 1724 Fax. +65 6723 1596 Hmm, I'm not an expert in this, but I do realize if the 4-way handshake for terminating a connection is not done properly, e.g. the user switched off his dial-up modem abruptly, it would cause the "stale/zombie" sessions described as above. The dial-up machine will not have the opportunity to send the FIN to your machine. You probably need to know the sequence number, source port, destination port as well as source IP and destination IP (which you should know).
