From owner-freebsd-net@FreeBSD.ORG Sat Apr 4 08:39:49 2015
From: Hans Petter Selasky
To: Gleb Smirnoff
Cc: "freebsd-net@freebsd.org", "Robert N. M. Watson"
Date: Sat, 04 Apr 2015 10:40:27 +0200
Subject: Re: Patch to reduce use of global IP ID value(s) to avoid leaking information
Message-ID: <551FA37B.90609@selasky.org>
In-Reply-To: <20150403213641.GM64665@glebius.int.ru>
References: <551F034A.3040402@selasky.org> <20150403213641.GM64665@glebius.int.ru>
List-Id: Networking and TCP/IP with FreeBSD

Hi Gleb,

On 04/03/15 23:36, Gleb Smirnoff wrote:
> The documentation on net.inet.ip.random_id is solid and doesn't need the
> text from your commit.

Let me detail a bit more.
The old text describing "random_id" clearly gives the wrong impression. It says that information is only leaking one way. It is for sure very misleading. Information can leak both from the inside to the outside and from the outside to the inside. And also between two outsiders or two insiders. That's what scares me. Try using my testapp if you don't believe me.

Given that the ICMP limit is 200 per second by default, I would guess that 199 bits could at maximum be transferred per second in between two parties using the proper algorithms.

If I myself were setting up a firewall, this is the kind of stuff I would like to know about in advance.

--HPS
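As an added example (not part of the thread or of the FreeBSD patch under discussion), here is a small self-audit a firewall or host administrator can run over `tcpdump -v` output of replies from one of their own hosts to decide whether that host still stamps packets from a single global IP ID counter (what `net.inet.ip.random_id=0` gives) or from randomized IDs. The capture lines below are constructed, not real traffic, and the step threshold `max_step` is an assumption, not a FreeBSD setting.

```python
import re
from typing import List, Sequence

IPID_MOD = 1 << 16                    # IP ID is a 16-bit field; steps wrap modulo 65536
ID_RE = re.compile(r"\bid (\d+),")    # the "id NNN," field printed by `tcpdump -v`

def extract_ipids(lines: Sequence[str]) -> List[int]:
    """Pull the IP ID out of every `tcpdump -v` line that carries one, in capture order."""
    return [int(m.group(1)) for line in lines if (m := ID_RE.search(line))]

def ipid_deltas(ids: Sequence[int]) -> List[int]:
    """Differences between consecutive IDs, modulo 2^16 so a counter wrap is handled."""
    return [(b - a) % IPID_MOD for a, b in zip(ids, ids[1:])]

def classify_ipid_sequence(ids: Sequence[int], max_step: int = 64) -> str:
    """Classify the IDs one host put on the wire (e.g. its replies to your own pings).

    "incremental":  every step is small and positive, the signature of one global
                    counter; the gaps between your probes then reveal how many
                    packets the host sent to anyone else in between (the leak
                    the thread is about).
    "randomized":   steps are spread over the 16-bit space, as expected when
                    net.inet.ip.random_id=1 is in effect.
    "undetermined": fewer than four samples, not enough to judge.
    """
    if len(ids) < 4:
        return "undetermined"
    return "incremental" if all(0 < d <= max_step for d in ipid_deltas(ids)) else "randomized"

def audit(lines: Sequence[str]) -> str:
    """Convenience wrapper: classify a list of `tcpdump -v` lines from one host."""
    return classify_ipid_sequence(extract_ipids(lines))

# Constructed sample captures (not real traffic): two hosts, each pinged once a second.
COUNTER_HOST = [
    "IP (tos 0x0, ttl 64, id 4101, offset 0, flags [none], proto ICMP (1), length 84)",
    "IP (tos 0x0, ttl 64, id 4102, offset 0, flags [none], proto ICMP (1), length 84)",
    "IP (tos 0x0, ttl 64, id 4110, offset 0, flags [none], proto ICMP (1), length 84)",
    "IP (tos 0x0, ttl 64, id 4111, offset 0, flags [none], proto ICMP (1), length 84)",
    "IP (tos 0x0, ttl 64, id 4131, offset 0, flags [none], proto ICMP (1), length 84)",
]
RANDOM_HOST = [
    "IP (tos 0x0, ttl 64, id 52113, offset 0, flags [none], proto ICMP (1), length 84)",
    "IP (tos 0x0, ttl 64, id 7790, offset 0, flags [none], proto ICMP (1), length 84)",
    "IP (tos 0x0, ttl 64, id 30021, offset 0, flags [none], proto ICMP (1), length 84)",
    "IP (tos 0x0, ttl 64, id 61447, offset 0, flags [none], proto ICMP (1), length 84)",
    "IP (tos 0x0, ttl 64, id 1200, offset 0, flags [none], proto ICMP (1), length 84)",
]

if __name__ == "__main__":
    print("counter host:", audit(COUNTER_HOST))   # incremental
    print("random host: ", audit(RANDOM_HOST))    # randomized
```

A host that comes back "incremental" after `net.inet.ip.random_id=1` has been set is worth a second look, since the sysctl is the only knob the thread discusses for closing this channel.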