not sure ESTABLISHED TCP traffic will have ACK flag set always...
seberino at spawar.navy.mil
Fri Apr 8 17:57:24 CEST 2005
Firewall packet filter question.....
**After** setting up a TCP connection, it may seem to make
sense that ALL future packets would set the ACK flag.
(ACK is important in 2 way communication since both sides
need to constantly confirm //receipt// of _past_ packets.)
Therefore, you might think it would be a good idea to
set up your firewall to drop packets on ESTABLISHED
connections that don't have the ACK bit set.
However, here is an apparent case where non-ACKs exist!!!...
1. One way traffic!!! --- sender has nothing to ACK!
2. One side sends FEWER packets than the other! --
fast side doesn't have enough incoming to ACK either!
Agree? Why then do people say to drop non-ACK'd packets
as suspicious??.... I would think it would be common
for one side to send more packets than the other. I could