On 9/26/06, Joyce, Wesley K. <wjoyce at uvi dot edu> wrote:
> Disturbing indeed. How do other firewalls handle the "duplicate or last packets of a session"
Disturbing? This is how stateful firewalls work. All stateful
firewalls, commercial or open source, have the same "issue". If they
let that traffic through, after the connection it was associated with
is closed and out of the state table, it'd be a very disturbing gaping
All the BSD packet filters log packets dropped for this reason. I'm
not familiar with other open source firewalls. Most commercial
firewalls will log this the same way (the Cisco PIX firewalls I
administer log a huge amount of this - many thousands of instances of
this per day on a T1, and this increases proportionately for bigger pipes).
I've been told that some commercial firewalls hide this to avoid
support issues with the question you brought up - though I can't
personally vouch for this.