sNAT to Windows server and port collision

wow, thanks for the detail on the F5 plugin, that will make life easier for sure !

 

 

we have multiple IP's in the sNAT pool

 

 

time wait is set to 300000 ms , though I believe this is the f5 time wait, and has no effect on the server timewait or how the f5 acts when the server is in timewait

 

 

time wait recycle is currently enabled, and we tried disabled, but as above, as this is a server timewait, I don't think this will make any difference

 

 

we replicated this failure with 1 user on their second tcp connection when we use port change. after the first tcp connection closed, the server went to time-wait, and then client spawned a new connection with client local port +1. The f5 tried to reuse the same local port from the previous connection to the server, and got no response. This was within 3 seconds of the previous connection closing, so AFAIK, the f5 should NOT have attempted to reuse the server socket because as per the rfc , it would be in timewait.

 

 

I thought that maybe the f5 would attempt reuse with tcp assassination principles, but if it is, it's failing as the ISN's aren't acceptable by the server for assassination to work.