Valdis.Kletnieks@xxxxxx writes:

> The problem is that the most common failure mode is *not*
> getting an RST back, but getting NOTHING back because
> some squirrely firewall between here and there is silently
> dropping packets with bits it doesn't understand.

Ah ... that would definitely be a bug with the firewall, then. However, a slight complication is that firewalls normally do not enter into TCP/IP conversations as proxies for the true correspondents--so is it really appropriate for a firewall to send a RST on behalf of some other host? If the firewall really is a legitimate proxy as well, no problem, but if it is intended to be fairly transparent, holding conversations with a distant host in a way that gives the latter the impression that it is talking to someone else is risky business.

I also don't see why a firewall would drop packets just because reserved bits are set, although I can see why it might be a configurable option for the most paranoid users.