This concludes my little story about how making firewalls better and more powerful to prevent infiltration and direct reconnaissance also made them easier to examine with indirect assessment. But allow me this brief digression.

Perhaps the most bizarre and interesting discovery is one I encountered somewhere back in 1999. Although not directly related to the design of firewalls, it still provides interesting food for thought for anyone interested in the problem of passively fingerprinting interim systems.

Jacek P. Szymanski, with whom I worked briefly and with whom I later had the pleasure of discussing certain unusual and suspicious network traffic patterns,^[27] noted a sudden increase in badly broken TCP/IP packets coming to port ...