Re: TTL Examples - Jason Opperisano

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jason Opperisano <opie@817west.com>
To: netfilter@lists.netfilter.org
Subject: Re: TTL Examples
Date: Wed, 20 Apr 2005 21:29:14 -0400	[thread overview]
Message-ID: <20050421012914.GA26252@bender.817west.com> (raw)
In-Reply-To: <4266D877.3030201@riverviewtech.net>

On Wed, Apr 20, 2005 at 05:32:23PM -0500, Taylor, Grant wrote:
> If you 
> REALLY want to put a system in place and have it try to guess if there are 
> multiple clients behind a system you should probably look at the sequence 
> numbers that are coming out in packets too as a single system should have 
> sequence numbers that are incrementing higher, not necessarily in 
> sequential as in 123, 124, 125, as in the current sequence number should be 
> higher than the previous and the next sequence number should be larger than 
> the current.  The sequence numbers should not jump all over the scale as 
> this is another sign that there are multiple systems behind the firewall.  
> In fact quite often if you have enough sequence numbers you can even guess 
> fairly close as to how many systems are behind the firewall.

which is why many firewalls nowadays (the one we lovingly discuss on
this list not included) will randomize ISNs on the packets passing
through it.

-j

--
"Pillsbury Doughboy: Nothing says "I Love You" quite like
 Pill... hey! What the hell are you doing you crazy bitch?"
        --Family Guy

     prev parent reply	other threads:[~2005-04-21  1:29 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-04-20  6:31 TTL Examples hareram
2005-04-20 11:35 ` Georgi Alexandrov
2005-04-20 22:24   ` Taylor, Grant
2005-04-20 22:32 ` Taylor, Grant
2005-04-21  1:29   ` Jason Opperisano [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20050421012914.GA26252@bender.817west.com \
    --to=opie@817west.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.