Date: Tue, 17 Apr 2001 10:38:23 -0700
From: Kris Kennaway
To: Matt Dillon
Cc: Kris Kennaway, Niels Provos, Wes Peters, freebsd-security@FreeBSD.ORG, net@FreeBSD.ORG, provos@OpenBSD.org
Subject: Re: non-random IP IDs
Message-ID: <20010417103823.A49384@xor.obsecurity.org>

On Tue, Apr 17, 2001 at 10:31:15AM -0700, Matt Dillon wrote:
>
> :> It's not worth doing. We would be introducing unnecessary cpu burn on
> :> every single packet we sent out, all to solve a problem that doesn't
> :> really exist.
> :
> :Well, that's why it's a sysctl defaulting to off in my patch. Don't
> :turn it on if you don't want to.
> :
> :Kris
>
> Let me put it another way: I think this sort of thing is an excellent
> example of introducing unnecessary kernel bloat into the system. Who
> gives a fart whether someone can port scan you efficiently or
> anonymously or not? I get port scanned every day. Most hackers don't
> even bother with portscans, they just try the exploit on the target
> machines directly.

Tools, not policy.. You may not care about it, but others do.

Kris