From owner-freebsd-security Tue Apr 17 10:31:42 2001 Delivered-To: freebsd-security@freebsd.org Received: from earth.backplane.com (earth-nat-cw.backplane.com [208.161.114.67]) by hub.freebsd.org (Postfix) with ESMTP id 717FF37B43C; Tue, 17 Apr 2001 10:31:32 -0700 (PDT) (envelope-from dillon@earth.backplane.com) Received: (from dillon@localhost) by earth.backplane.com (8.11.2/8.11.2) id f3HHVFu94944; Tue, 17 Apr 2001 10:31:15 -0700 (PDT) (envelope-from dillon) Date: Tue, 17 Apr 2001 10:31:15 -0700 (PDT) From: Matt Dillon Message-Id: <200104171731.f3HHVFu94944@earth.backplane.com> To: Kris Kennaway Cc: Niels Provos , Kris Kennaway , Wes Peters , freebsd-security@FreeBSD.ORG, net@FreeBSD.ORG, provos@OpenBSD.org Subject: Re: non-random IP IDs References: <20010416214611.6DA3F207C1@citi.umich.edu> <200104170157.f3H1v4d87804@earth.backplane.com> <20010416233042.A21394@xor.obsecurity.org> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org :> It's not worth doing. We would be introducing unnecessary cpu burn on :> every single packet we sent out, all to solve a problem that doesn't :> really exist. : :Well, that's why it's a sysctl defaulting to off in my patch. Don't :turn it on if you don't want to. : :Kris Let me put it another way: I think this sort of thing is an excellent example of introducing unnecessary kernel bloat into the system. Who gives a fart whether someone can port scan you efficiently or anonymously or not? I get port scanned every day. Most hackers don't even bother with portscans, they just try the exploit on the target machines directly. -Matt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message