Displaying 1 result from an estimated 1 matches for "bcd91217".
2004 Apr 23
2
use keep state(strict) to mitigate tcp issues?
Hi,
When deploying a BSD with IPF in at the network perimeter
and using rules like these:
pass in .. proto tcp ... keep state(strict)
it's possible to refuse tcp packets which arrive out of order.
This would increase the difficulty doing blind attack resets and blind
data injection attack, cause then you'd have to "guess" the exact expected
number. Checpoint has a similar