[rescue] RFA: firewall

Steve Sandau ssandau at gwi.net
Fri Jan 7 16:45:22 CST 2005

<pretty good explanation snipped>

> The BSD version of this pseudo-random number generation thing is really a
> lot more truly random than other implementations.  Computing what the next
> packet number will be -in real time-, starting from the packet numbers you
> see going by between the two computers that are supposed to be doing the
> talking, is pretty near impossible.

That's all pretty understandable. The part I don't really understand is 
how one box can generate pseudo-random numbers to label packets, and the 
machine on the other end can then somehow put them in order. The numbers 
are, after all, not sequential, but somewhat random.

