Mangling TOS, or Precedence/SecurityOpts/Compartment?
kadlec at blackhole.kfki.hu
Sat Oct 29 19:19:44 CEST 2005
On Fri, 28 Oct 2005 karl at klxsystems.net wrote:
> For the purposes of analysis, a third Invisible Analysis machine is
> placed between Systems #1 and 2, and is cabled as shown in Figure 1, it
> has two Ethernet ports, and in general acts like a bridge in that it
> possesses a Bypass Card, which allows the Tool Server and the Controller
> Machine to pass traffic through its two Ethernet ports.
> One of the features of the Bypass card it contains, is that it physically
> shunts the copper Ethernet connections together when, say, power is cut.
Why do you use NAT on the analysis machine if you go to the trouble to
create such a specific card to mimic a direct-connected network?
Why do you want to play with the IP precedence field if you have got TCP
sequence number problems?
Why should the analysis machine terminate/initialize the TCP connections,
if it's a bridged setup and you can shunt/unshunt the cabling as you
Sorry, but the whole purpose of the setup and what you do is totally
unclear to me.
E-mail : kadlec at blackhole.kfki.hu, kadlec at sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary