Date: Mon, 16 Apr 2001 22:38:52 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: Julian Elischer <julian@elischer.org> Cc: Darren Reed <avalon@coombs.anu.edu.au>, Kris Kennaway <kris@obsecurity.org>, Mark T Roberts <newsletter@marktroberts.com>, <freebsd-security@FreeBSD.ORG>, <net@FreeBSD.ORG> Subject: Re: non-random IP IDs Message-ID: <Pine.BSF.4.31.0104162234340.16353-100000@achilles.silby.com> In-Reply-To: <3ADBB93B.3C9DC3DE@elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 16 Apr 2001, Julian Elischer wrote: > there is a site that calculates server uptime from these numbers. > All the leading machines are freeBSD. When you do this it will > no-longer be able to track us :-( They're using TCP timestamps to do that, not ip ids. And if I get my way, those will be unuseable for uptime detection soon enough... :) > what is the problem in having these numbers sequential? Anonymous port scans, some firewall probing as mentioned by darren, and the ability to see the idleness of a host. Not enough to make randomization the default policy, but certainly enough to justify a sysctl. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.31.0104162234340.16353-100000>