Stateful filtering (cont)

Furthermore, when a TCP connection is taken over, the ACK storm resulting is likely to be caught by the packet filter
For a description on how to do this
- http://www.madison-gurkha.com/ publications/tcp_filtering/tcp_filtering.ps
Implemented in IP-Filter and OpenBSD's pf

Furthermore, when a TCP connection is taken over, the ACK storm resulting is likely to be caught by the packet filter