> So has anyone actually ever seen this before? If so, how does a firewall
> deal with this type of connection? This would speak volumes to
> inspecting payload. I would assume that a firewall/filter that simply
> makes decisions based upon the data located at a certain offset from the
> preamble field would probably miss this.
Sounds like TMux - RFC 1692. I don't know what its current status is.
There is a paragraph in the RFC suggesting that non-TMux routers should
be set to block all TMux packets - causing the hosts to fall back to normal.