On Mon, May 16, 2022 at 6:23 AM Philipp Buehler <e1c1bac6253dc54a1e89ddc046585...@posteo.net> wrote:
> Back in the days outgoing (tcp) connections had predictable port numbers,
> sequence numbers, time based stamps of kinds and so on. This did change
> like "let's random all the things" and this was not only against fingerprinting
> but actual hijack/connection killing attacks.
>
> So I cannot tell (recall) but randomizing in nat-to will bring those attacks
> down even for "naive" stacks sending from behind the pf gateway.
Thank you, I was unaware of these attacks. Randomizing the source port in `nat-to` makes much more sense given this context.