> > Your web server sends a syn-ack response, which the firewall in front of > > 204.157.6.223 silently drops (since it never saw the first packet of the > > connection). > > If the firewall never saw the first packet, how did it get to the web server? You probably misread my mail. It is not the firewall in front of the webserver, but at the other end, in front of the (probably spoofed) 204.157.6.223 machine. It does not have to see the syn packet, but it will see the syn-ack coming back. Akos -- Akos Szalkai <szalkai@xxxxx> IT Consultant, CISA 2F 2000 Szamitastechnikai es Szolgaltato Kft. Tel: (+36-1)-4887700 Fax: (+36-1)-4887709 WWW: http://www.2f.hu/
