not sure ESTABLISHED TCP traffic will have ACK flag set always...


 



Firewall packet filter question.....


**After** setting up a TCP connection, it may seem to make
sense that ALL future packets would set the ACK flag.

(ACK is important in 2 way communication since both sides
need to constantly confirm //receipt// of _past_ packets.)

Therefore, you might think it would be a good idea to
set up your firewall to drop packets on ESTABLISHED
connections that don't have ACK bit set.

However, here is an apparent case where non-ACKs exist!!!...

1. One way traffic!!! --- sender has nothing to ACK!

2. One side sends FEWER packets than the other! --
   fast side doesn't have enough incoming to ACK either!

Agree? Why then do people say to drop non-ACK'd packets
as suspicious??.... I would think it would be common
for one side to send more packets than the other.  I could
be wrong.

Chris
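
As an added illustration (not part of the post above), this sketch builds a constructed one-way upload and checks the ACK flag on every segment. It follows the TCP specification (RFC 9293), under which every segment after the initial SYN carries ACK and the acknowledgment number simply repeats when the peer has sent nothing new; the ports, sequence numbers and function names are made up for the example.

```python
import struct

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
HDR = "!HHIIBBHHH"  # ports, seq, ack, data offset, flags, window, checksum, urgent

def tcp_header(sport, dport, seq, ack, flags):
    """Pack a 20-byte TCP header without options (checksum left at 0)."""
    return struct.pack(HDR, sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)

def parse(segment):
    """Return (sport, seq, ack, flags) from raw TCP header bytes."""
    sport, _, seq, ack, _, flags, _, _, _ = struct.unpack(HDR, segment[:20])
    return sport, seq, ack, flags & 0x3F

def one_way_upload(chunks=3, size=1000):
    """Constructed trace: client (port 40000) uploads, server (port 80) sends no data."""
    c_isn, s_isn = 1000, 5000
    trace = [
        tcp_header(40000, 80, c_isn, 0, SYN),               # opens the connection
        tcp_header(80, 40000, s_isn, c_isn + 1, SYN | ACK),
        tcp_header(40000, 80, c_isn + 1, s_isn + 1, ACK),
    ]
    seq = c_isn + 1
    for _ in range(chunks):
        # The server has sent nothing new, so the ack number just repeats s_isn + 1.
        trace.append(tcp_header(40000, 80, seq, s_isn + 1, PSH | ACK))
        seq += size
        trace.append(tcp_header(80, 40000, s_isn + 1, seq, ACK))
    return trace

def missing_ack(trace):
    """Indexes of segments whose ACK flag is clear."""
    return [i for i, seg in enumerate(trace) if not parse(seg)[3] & ACK]

def sender_ack_numbers(trace, sport=40000):
    """Distinct ack numbers carried by the uploading side once ACK is set."""
    return {parse(s)[2] for s in trace if parse(s)[0] == sport and parse(s)[3] & ACK}

if __name__ == "__main__":
    trace = one_way_upload()
    print("segments without ACK:", missing_ack(trace))
    print("ack numbers sent by uploader:", sender_ack_numbers(trace))
```

A filter built on this should still let RST through, since a reset sent in reply to a segment that carried ACK is emitted as a bare RST.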


