Displaying 1 result from an estimated 1 matches for "checpoint".
Did you mean:
checkpoint
2004 Apr 23
2
use keep state(strict) to mitigate tcp issues?
...rules like these:
pass in .. proto tcp ... keep state(strict)
it's possible to refuse tcp packets which arrive out of order.
This would increase the difficulty doing blind attack resets and blind
data injection attack, cause then you'd have to "guess" the exact expected
number. Checpoint has a similar feature (is that right?) which is
described here as the answer to the mentioned attacks:
http://www.checkpoint.com/techsupport/alerts/tcp_dos.html
Allthough this is nice, there is also the risk of breaking
connection because it's not unlikely that packets arrive out of order.
At...