On Mon, Apr 23, 2001 at 01:20:11PM -0400, der Mouse wrote:

 > > No, it doesn't.
 > 
 > Why not?  The firewall, by definition of syn-cookies, has kept no state
 > and hence will not retransmit anything.  The client, on the other hand,
 > has no reason to think anything is amiss and is waiting for the server
 > to send its greeting banner.  (Assuming, as mentioned previously, that

Correct -- NetBSD's "syn cache", in fact, had a bug like this that
caused clients to hang in exactly this manner, before I fixed it
before the 1.4 release.

-- 
        -- Jason R. Thorpe <thorpej@zembu.com>