On 9/26/06, Joyce, Wesley K. <wjoyce at uvi dot edu> wrote:
> Disturbing indeed. How do other firewalls handle the "duplicate or last packets of a session"
> issue?
>

Disturbing? This is how stateful firewalls work. All stateful firewalls, commercial or open source, have the same "issue". If they let that traffic through, after the connection it was associated with is closed and out of the state table, it'd be a very disturbing gaping security hole.

All the BSD packet filters log packets dropped for this reason. I'm not familiar with other open source firewalls. Most commercial firewalls will log this the same way (the Cisco PIX firewalls I administer log a huge amount of this - many thousands of instances of this per day on a T1, and it increases proportionately for bigger pipes). I've been told that some commercial firewalls hide this to avoid support issues with the question you brought up - though I can't personally vouch for this.

-Chris
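As an added illustration of the mechanism described in the reply above (this is not code from the thread, from pf, or from any firewall product named there), here is a toy stateful filter in Python. It keeps one state-table entry per TCP connection, removes the entry when the teardown completes, and then drops and logs any packet that arrives with no matching entry, which is exactly what a retransmitted last FIN/ACK or a stray ACK looks like after the connection has closed. The state machine is deliberately simplified, and the addresses, ports and packet sequence are constructed for the demo.

```python
# Added example, not from the thread: a toy stateful packet filter whose state
# table entries are removed when a TCP connection closes, so that late or
# duplicate packets for that connection no longer match and are dropped and
# logged. The state machine is simplified; packets and addresses are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # subset of {"SYN", "ACK", "FIN", "RST"}


def flow_key(pkt):
    """Direction-independent key so both halves of a connection share one entry."""
    a, b = (pkt.src, pkt.sport), (pkt.dst, pkt.dport)
    return (a, b) if a <= b else (b, a)


class StatefulFilter:
    def __init__(self, allow_inbound_ports=()):
        self.allow_inbound_ports = set(allow_inbound_ports)
        self.table = {}   # flow key -> {"state": str, "fins": set of (ip, port)}
        self.log = []     # (verdict, reason, flow key), what a firewall would log

    def _verdict(self, verdict, reason, key):
        self.log.append((verdict, reason, key))
        return verdict

    def handle(self, pkt, inbound):
        key = flow_key(pkt)
        entry = self.table.get(key)

        if entry is None:
            # Only a bare SYN may create state; an inbound SYN also needs an allow rule.
            if pkt.flags == frozenset({"SYN"}):
                if not inbound or pkt.dport in self.allow_inbound_ports:
                    self.table[key] = {"state": "SYN_SENT", "fins": set()}
                    return self._verdict("pass", "new state", key)
                return self._verdict("drop", "inbound SYN not allowed by rule", key)
            # Anything else without state is the case the thread describes: a late
            # or duplicate packet from a connection that has already left the table.
            return self._verdict("drop", "no matching state", key)

        if "RST" in pkt.flags:
            del self.table[key]
            return self._verdict("pass", "reset, state removed", key)

        if entry["state"] == "SYN_SENT" and pkt.flags == frozenset({"SYN", "ACK"}):
            entry["state"] = "ESTABLISHED"
        elif "FIN" in pkt.flags:
            entry["fins"].add((pkt.src, pkt.sport))
            entry["state"] = "CLOSING"
        elif entry["state"] == "CLOSING" and len(entry["fins"]) == 2 and "ACK" in pkt.flags:
            # Final ACK of the teardown: the connection leaves the state table.
            del self.table[key]
            return self._verdict("pass", "closed, state removed", key)

        return self._verdict("pass", entry["state"], key)


def run_demo():
    """Client-initiated connection, clean close, then late packets for that flow."""
    fw = StatefulFilter()
    c, s = ("10.0.0.5", 40001), ("203.0.113.10", 80)   # constructed addresses

    def out(flags):   # client -> server (outbound through the firewall)
        return Packet(*c, *s, frozenset(flags))

    def inn(flags):   # server -> client (inbound through the firewall)
        return Packet(*s, *c, frozenset(flags))

    sequence = [
        (out({"SYN"}), False),
        (inn({"SYN", "ACK"}), True),
        (out({"ACK"}), False),
        (out({"FIN", "ACK"}), False),
        (inn({"FIN", "ACK"}), True),
        (out({"ACK"}), False),          # final ACK: state removed here
        (inn({"FIN", "ACK"}), True),    # server retransmits its FIN: no state -> drop
        (inn({"ACK"}), True),           # stray inbound ACK for the old flow: drop
        (inn({"SYN"}), True),           # unsolicited inbound SYN, no allow rule: drop
    ]
    verdicts = [fw.handle(pkt, inbound) for pkt, inbound in sequence]
    return verdicts, fw


if __name__ == "__main__":
    verdicts, fw = run_demo()
    for (verdict, reason, key), v in zip(fw.log, verdicts):
        print(f"{verdict:4} {reason:32} {key}")
```

Running `run_demo()` gives six passes followed by three drops, and the log shows the two late packets for the closed flow recorded as "no matching state". That entry is the benign noise the thread is about: nothing in the design lets a packet through on the strength of a connection that no longer exists, and the drop is logged rather than hidden.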