On Sun, 30 Oct 2005 08:17:21 -0800
Geoff Sweet <[EMAIL PROTECTED]> wrote:
> That's why you set min-ttl to it's highest value. You could also look
> at 'reassemble tcp'. It modifies ttl setting in the session as well.
> But it's meant more for normalizing traffic.
look that:
[anti-nat]
|
|
|
|
min-ttl 128--> [NAT on OpenBSD]----+
| | |
| | |
| | |
| | |
[WinXP] [FreeBSD] [bla-bla-bla OS with bla-bla-bla TCP options]
(128) (64) (245)
WinXP - scrubed
FreeBSD - passing
bla-bla-bla - passing and droping by anty-nat systems
if i'm set TTL on my OpenBSD == 255 - it's blocked too, becouse anti-nat
systems "understand" this "tricks"..
whats wrong?
