I really love these abuses of TCP. Over the weekend I set up my router to do TCP proxying, and I noticed that a lot of sites do not emit valid TCP streams (making them inaccessible to machines behind the router). Metafilter, in particular, emits a valid stream if the page is not cached (like submitting an article), but it's hit or miss if the page is cached.
Presumably this is because the load balancer hijacks the raw TCP connection, but is not smart enough to use valid sequence numbers:
http://readlist.com/lists/openbsd.org/misc/9/45511.html
The side effect of the Internet violating the TCP standard is that TCP becomes a lot less resistant to man-in-the-middle attacks. And, my firewall has to deal with various strange things, like packets in the middle of a TCP stream that have a TTL such that they don't get routed, but do affect the firewall's state table. But hey, at least your load balancer doesn't have to establish two TCP connections! Imagine the latency that would introduce!
This is actually really annoying. The same thing happens with isohunt.com, at least: if I disable the scrub feature of my PF firewall I can get to isohunt.com; if I enable the scrub feature I can no longer get to isohunt.
Now, like you mentioned, there seem to be quite a few sites that are doing this. It irks me that this abuse of TCP/IP happens, which makes it harder to write proper firewalling software and rules.
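To make concrete what the firewall in this thread is objecting to, here is an added example (not code from the thread, and not pf's own code) that models the sequence-window checks pf applies to a tracked TCP state (the van Rooij model that pf and IPFilter use: last octet inside the peer's advertised window, at most one window back for retransmits, ACK within MAXACKWINDOW of the peer's highest sequence number) together with the effect of scrub's min-ttl option. The class and function names, the simplifications (no window scaling, no state machine, a single min-ttl rule standing in for the rest of scrub) and every segment number are my own constructions; the scenario is the one the posters describe, a sane handshake followed by a segment whose sequence or acknowledgement number a load balancer got wrong, and a segment that fits the window but carries a TTL too low to reach the host.

```python
"""Simplified stateful TCP window tracking, modelled on the sequence checks pf and
IPFilter apply to tracked connections (van Rooij's model), plus a min-ttl normaliser
like pf's 'scrub ... min-ttl'. Added example, not pf code; all numbers are constructed."""
from dataclasses import dataclass

MAXACKWINDOW = 65535   # bound on how far an ACK may stray from the peer's highest seq (pf's value)
MASK32 = 0xFFFFFFFF


def seq_geq(a: int, b: int) -> bool:
    """a >= b in 32-bit sequence-number arithmetic (wrap-around safe)."""
    return ((a - b) & MASK32) < 0x80000000


@dataclass
class Segment:
    src: str           # "client" or "server"
    seq: int
    ack: int
    win: int
    flags: str         # any subset of "SAFP"
    length: int = 0    # payload bytes
    ttl: int = 64

    @property
    def end(self) -> int:
        # SYN and FIN each occupy one sequence number
        return (self.seq + self.length + ("S" in self.flags) + ("F" in self.flags)) & MASK32


@dataclass
class Peer:
    seqlo: int = 0     # highest sequence number this side has sent so far
    seqhi: int = 0     # highest sequence number the other side will currently accept from it
    max_win: int = 1   # largest window this side has advertised


class TcpState:
    """One firewall state entry tracking both directions of a connection (hypothetical class)."""

    def __init__(self, min_ttl: int = 0):
        self.peers = {"client": Peer(), "server": Peer()}
        self.min_ttl = min_ttl   # 0 disables the normaliser
        self.log = []

    def process(self, seg: Segment) -> bool:
        """Return True and update state if the segment fits the tracked windows, else False."""
        src = self.peers[seg.src]
        dst = self.peers["server" if seg.src == "client" else "client"]
        seq, end, ack, win = seg.seq, seg.end, seg.ack, max(seg.win, 1)

        if src.seqlo == 0:
            # first segment seen from this side: adopt its numbers as the baseline
            src.seqlo, src.seqhi, src.max_win = seq, (end + 1) & MASK32, win
        if "A" not in seg.flags:
            ack = dst.seqlo            # no ACK field to validate; neutralise the skew check

        ackskew = (dst.seqlo - ack + 0x80000000) % 0x100000000 - 0x80000000  # signed 32-bit diff
        ok = (seq_geq(src.seqhi, end)                                   # last octet inside peer's window
              and seq_geq(seq, (src.seqlo - dst.max_win) & MASK32)      # at most one window back
              and -MAXACKWINDOW <= ackskew <= MAXACKWINDOW)             # ACK not wildly off
        if not ok:
            self.log.append(f"drop {seg.src} seq={seq} ack={ack}")
            return False

        src.max_win = max(src.max_win, win)
        if seq_geq(end, src.seqlo):
            src.seqlo = end                                   # this side has now sent up to 'end'
        if seq_geq((ack + win) & MASK32, dst.seqhi):
            dst.seqhi = (ack + win) & MASK32                  # slide what the other side may send
        if seg.ttl < self.min_ttl:
            seg.ttl = self.min_ttl   # whatever updated our state table should also reach the host
        self.log.append(f"pass {seg.src} seq={seq} end={end} ttl={seg.ttl}")
        return True


def run_demo(min_ttl: int = 0):
    """Constructed exchange: handshake, sane reply, two broken-load-balancer segments, low-TTL segment."""
    st = TcpState(min_ttl=min_ttl)
    results = [
        st.process(Segment("client", 1000, 0, 65535, "S")),
        st.process(Segment("server", 5000, 1001, 65535, "SA")),
        st.process(Segment("client", 1001, 5001, 65535, "A")),
        st.process(Segment("server", 5001, 1001, 65535, "PA", length=100)),          # in-window reply
        st.process(Segment("server", 900_000_000, 1001, 65535, "PA", length=100)),   # seq from nowhere
        st.process(Segment("server", 5101, 999_999, 65535, "PA", length=50)),        # ack from nowhere
    ]
    low_ttl = Segment("server", 5101, 1001, 65535, "PA", length=50, ttl=1)
    results.append(st.process(low_ttl))   # fits the window, so state advances even though TTL=1
    return results, low_ttl.ttl, st.peers["server"].seqlo


if __name__ == "__main__":
    for ttl in (0, 8):
        verdicts, ttl_out, server_seqlo = run_demo(min_ttl=ttl)
        print(f"min_ttl={ttl}: verdicts={verdicts} ttl_after={ttl_out} server.seqlo={server_seqlo}")
```

The two dropped segments are the case the posters hit: a middlebox that speaks on the server's behalf without carrying the real sequence and acknowledgement numbers produces traffic that a stateful filter has every reason to treat as an injection, so the site only works once tracking is turned off. The last segment shows the other complaint: anything inside the window advances the state table regardless of TTL, so raising low TTLs at the firewall is what keeps its view and the host's view of the stream consistent.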