Date: Mon, 16 Apr 2001 18:57:04 -0700 (PDT) From: Matt Dillon <dillon@earth.backplane.com> To: Niels Provos <provos@citi.umich.edu> Cc: Kris Kennaway <kris@obsecurity.org>, Wes Peters <wes@softweyr.com>, freebsd-security@FreeBSD.ORG, net@FreeBSD.ORG, provos@OpenBSD.org Subject: Re: non-random IP IDs Message-ID: <200104170157.f3H1v4d87804@earth.backplane.com> References: <20010416214611.6DA3F207C1@citi.umich.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
:No reasoning. You do not need the htons(). The fragment ids just
:need to be unique. An htons() does not change that property. I dont
:like that code very much. A variable-block-size cipher in counter
:mode would do the job better.
:
:However, what many ppl do not realize is that you can use predictable
:ip ids to anonymously port scan machines. Bugtraq talks about how to
:do that.
:
:Niels.
It's not worth doing. We would be introducing unnecessary cpu burn on
every single packet we sent out, all to solve a problem that doesn't
really exist. Most people doing port scans don't care whether they
are anonymous or not, anyway. They just do the scans. Also, port
scanning software has gotten a whole lot more sophisticated these
days... usually people want to portscan a whole bunch (thousands) of
machines all at once, but to prevent detection the newer programs
randomize the port and host being tested on a per-packet basis so
any given 'victim' doesn't actually see all that much traffic.
-Matt
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200104170157.f3H1v4d87804>