Date:      Thu, 12 Apr 2001 00:40:32 -0500 (CDT)
From:      Mike Silbersack <silby@silby.com>
To:        Mark T Roberts <newsletter@marktroberts.com>
Cc:        <freebsd-security@FreeBSD.ORG>
Subject:   Re: non-random IP IDs
Message-ID:  <Pine.BSF.4.31.0104120035120.2153-100000@achilles.silby.com>
In-Reply-To: <001f01c0c30b$805b0840$d2e2fdce@netrex.com>


On Thu, 12 Apr 2001, Mark T Roberts wrote:

> The other night I did a nessus security scan on my FreeBSD box and I got the
> following warning.  I am hoping someone on this mailing list can give me a
> better idea what this warning means.
>
> Thanks
> Mark
>
> NESSUS Warning...
> The remote host uses non-random IP IDs, that is, it is
> possible to predict the next value of the ip_id field of
> the ip packets sent by this host.

Each IP packet sent has with it a 16-bit ID.  The numbers must remain
unique over a short period of time so fragmentation can work properly.  As
such, everything except recent OpenBSDs simply increments the ID by 1 for
each packet sent out.

As a result, you can tell the number of packets sent on an idle host by
seeing the difference in ID numbers for the packets it sends back to you.
It's not really that important of an issue; don't worry about it.

Mike "Silby" Silbersack


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
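The behaviour Silby describes above (a 16-bit ip_id that steps by 1 per packet, so the gap between two replies reveals how many packets an otherwise idle host sent in between) is easy to check on your own box. The following is an added example, not code from the thread or from FreeBSD: it pulls the Identification field out of raw IPv4 headers, handles the 16-bit wraparound, and classifies a sequence of observed IDs the way the Nessus check would. The sample headers are constructed inline; the `max_step` threshold is an assumption, not a Nessus parameter.

```python
import struct

IP_ID_MODULUS = 1 << 16  # the ip_id field is 16 bits wide, so deltas wrap at 65536


def make_ipv4_header(ip_id: int) -> bytes:
    """Constructed 20-byte IPv4 header carrying the given ID (other fields are dummies)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, ip_id, 0, 64, 1, 0,
                       b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")


def ip_id_from_header(packet: bytes) -> int:
    """Extract the Identification field (header bytes 4-5) of an IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return struct.unpack_from("!H", packet, 4)[0]


def id_deltas(ids: list[int]) -> list[int]:
    """Differences between consecutive IDs, modulo 2^16, so 65535 -> 0 counts as +1."""
    return [(b - a) % IP_ID_MODULUS for a, b in zip(ids, ids[1:])]


def classify_ip_id_behaviour(ids: list[int], max_step: int = 64) -> str:
    """'sequential' when every step is a small positive increment (the +1 per packet
    scheme the post describes), 'zero' when the field is never set, else 'random'.
    max_step is an assumed tolerance for traffic the host sent to others meanwhile."""
    deltas = id_deltas(ids)
    if not deltas:
        raise ValueError("need at least two observed IDs")
    if all(i == 0 for i in ids):
        return "zero"
    if all(1 <= d <= max_step for d in deltas):
        return "sequential"
    return "random"


def packets_sent_between(first_id: int, second_id: int) -> int:
    """For a sequential host: packets it sent to anyone between two replies to us,
    not counting the second reply itself (wraparound handled)."""
    return (second_id - first_id) % IP_ID_MODULUS - 1


if __name__ == "__main__":
    # Constructed capture: four replies from a host whose counter wraps past 65535.
    replies = [make_ipv4_header(i) for i in (65530, 65533, 2, 3)]
    ids = [ip_id_from_header(p) for p in replies]
    print(ids, classify_ip_id_behaviour(ids), packets_sent_between(ids[0], ids[1]))
```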