An evil middlebox is a transparent device that sits inbetween an end-to-end connection that disturbs the normal end-to-end traffic in some way. As you can not see these devices which usually work on layer 2, it is difficult to debug issues that involve them. Examples are HTTP proxy, Gateway proxy (all protocols). Normally, these devices are installed for security reasons to filter out "bad" traffic. Bad traffic may be viri, trojans, evil javascript, or anything that is not known to the device. Sometimes also so called rate shapers are installed as middleboxes; while these do not change the contents of the traffic, they do drop packets according to rules only known by themselves. Bugs in such middleboxes can have fatal consequences for "legitimate" Internet traffic which may lead to performance or even worse connection issues.

Middleboxes come in all shapes and flavors. The most popular are firewalls:

Examples of experienced performance issues

Two examples in the beginning of 2005 in SWITCH:

A Cisco IOS Firewall in August 2006 in Funet:

DNS Based global load balancing problems

The same issue has also been found with some models of the Fortigate firewall.

– Main.ChrisWelti - 01 Mar 2005
- Main.PekkaSavola - 10 Oct 2006

-- Main.PekkaSavola - 07 Nov 2006

-- Main.AlexGall - 2012-10-31