by tryauuum 1950 days ago
I have seen an ancient "drop packets with zero-length tcp window" rule in iptables in my company. Funny enough to learn that zero-length tcp window can be found in normal, non-malicious packets!
1 comments

The number of firewall vendors who drop this kind of PDU by default is astounding.

I once spent a week troubleshooting a firewall at a customer's side who had a similar issue with zero-length TCP window PDUs.

The firewalls the customers used also didn't allow a change in this behaviour. Luckily they were able to solve this in their software, but still, these kinds of things should be configurable in a networking product.