Date:      Mon, 16 Apr 2001 22:38:52 -0500 (CDT)
From:      Mike Silbersack <silby@silby.com>
To:        Julian Elischer <julian@elischer.org>
Cc:        Darren Reed <avalon@coombs.anu.edu.au>, Kris Kennaway <kris@obsecurity.org>, Mark T Roberts <newsletter@marktroberts.com>, <freebsd-security@FreeBSD.ORG>, <net@FreeBSD.ORG>
Subject:   Re: non-random IP IDs
Message-ID:  <Pine.BSF.4.31.0104162234340.16353-100000@achilles.silby.com>
In-Reply-To: <3ADBB93B.3C9DC3DE@elischer.org>


On Mon, 16 Apr 2001, Julian Elischer wrote:

> There is a site that calculates server uptime from these numbers.
> All the leading machines are FreeBSD. When you do this it will
> no longer be able to track us :-(

They're using TCP timestamps to do that, not IP IDs.  And if I get my way,
those will be unusable for uptime detection soon enough... :)

> what is the problem in having these numbers sequential?

Anonymous port scans, some firewall probing as mentioned by Darren, and
the ability to see the idleness of a host.  Not enough to make
randomization the default policy, but certainly enough to justify a
sysctl.

Mike "Silby" Silbersack
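
The following is an added example, not part of the original message: a check for whether a host you operate assigns IP IDs from a shared sequential counter, and how much that counter reveals about the host's other traffic (the idleness leak mentioned above). The function names, the `small_step` threshold and the sample ID lists are assumptions constructed for illustration.

```python
"""Classify how a host assigns IPv4 ID values from a series of observed IDs."""
from statistics import median

MOD = 1 << 16  # the IPv4 Identification field is 16 bits wide

# Constructed sample data: IDs seen in successive replies from one host.
SEQ_IDLE = [65533, 65534, 65535, 0, 1]        # counter wraps; no other traffic
SEQ_BUSY = [100, 108, 113, 125, 131]          # counter also consumed by other flows
SWAPPED = [0xFE01, 0xFF01, 0x0002, 0x0102]    # counter kept in host byte order
RANDOM = [41233, 1802, 60011, 23977, 9]       # randomized IDs


def deltas(ids):
    """Forward differences between consecutive IDs, modulo 2**16 (handles wraparound)."""
    return [(b - a) % MOD for a, b in zip(ids, ids[1:])]


def byteswap(v):
    """Swap the two bytes of a 16-bit value."""
    return ((v & 0xFF) << 8) | (v >> 8)


def classify(ids, small_step=256):
    """Return 'constant', 'sequential', 'sequential-byteswapped' or 'random'.

    small_step is an assumed threshold: a shared counter sampled in quick
    succession is expected to advance by less than this between samples.
    """
    if len(ids) < 4:
        raise ValueError("need at least 4 samples")
    if len(set(ids)) == 1:
        return "constant"
    if all(0 < d < small_step for d in deltas(ids)):
        return "sequential"
    if all(0 < d < small_step for d in deltas([byteswap(v) for v in ids])):
        return "sequential-byteswapped"
    return "random"


def traffic_between_samples(ids):
    """For a sequential counter: median count of packets sent elsewhere between samples.

    Each reply to the observer consumes one ID, so delta - 1 is what the host
    sent to everyone else; a median of 0 means the host looked idle.
    """
    return median(d - 1 for d in deltas(ids))
```

A result of `random` or `constant` means the IDs carry no usable traffic count; either `sequential` result means they do.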

