opie at 817west.com
Thu Apr 21 03:29:14 CEST 2005
On Wed, Apr 20, 2005 at 05:32:23PM -0500, Taylor, Grant wrote:
> If you
> REALLY want to put a system in place and have it try to guess if there are
> multiple clients behind a system you should probably look at the sequence
> numbers that are coming out in packets too as a single system should have
> sequence numbers that are incrementing higher, not necessarily in
> sequential as in 123, 124, 125, as in the current sequence number should be
> higher than the previous and the next sequence number should be larger than
> the current. The sequence numbers should not jump all over the scale as
> this is another sign that there are multiple systems behind the firewall.
> In fact quite often if you have enough sequence numbers you can even guess
> fairly close as to how many systems are behind the firewall.
which is why many firewalls nowadays (the one we lovingly discuss on
this list not included) will randomize ISNs on the packets passing
"Pillsbury Doughboy: Nothing says "I Love You" quite like
Pill... hey! What the hell are you doing you crazy bitch?"
More information about the netfilter