Date:      Tue, 17 Apr 2001 13:45:26 -0400 (EDT)
From:      Matt Piechota <piechota@argolis.org>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        Matt Dillon <dillon@earth.backplane.com>, Niels Provos <provos@citi.umich.edu>, Wes Peters <wes@softweyr.com>, <freebsd-security@FreeBSD.ORG>, <net@FreeBSD.ORG>, <provos@OpenBSD.org>
Subject:   Re: non-random IP IDs
Message-ID:  <Pine.BSF.4.31.0104171343380.29592-100000@cithaeron.argolis.org>
In-Reply-To: <20010417103823.A49384@xor.obsecurity.org>

On Tue, 17 Apr 2001, Kris Kennaway wrote:

> > :Well, that's why it's a sysctl defaulting to off in my patch.  Don't
> > :turn it on if you don't want to.
> >
> >     Let me put it another way:  I think this sort of thing is an excellent
> >     example of introducing unnecessary kernel bloat into the system.  Who
> >     gives a fart whether someone can port scan you efficiently or
> >     anonymously or not?  I get port scanned every day.  Most hackers don't
> >     even bother with portscans, they just try the exploit on the target
> >     machines directly.
>
> Tools, not policy..
>
> You may not care about it, but others do.

Would it be better to do it as a kernel option?
options IP_RANDOM_IP_ID for instance?  I guess the question is, does the
kernel have to do a comparison to the sysctl variable each time?

-- 
Matt Piechota
Finger piechota@emailempire.com for PGP key
AOL IM: cithaeron

