Date: Thu, 12 Apr 2001 18:16:48 +1000 (Australia/ACT) From: Darren Reed <avalon@coombs.anu.edu.au> To: silby@silby.com (Mike Silbersack) Cc: newsletter@marktroberts.com (Mark T Roberts), freebsd-security@FreeBSD.ORG Subject: Re: non-random IP IDs Message-ID: <200104120816.SAA09404@caligula.anu.edu.au> In-Reply-To: <Pine.BSF.4.31.0104120035120.2153-100000@achilles.silby.com> from "Mike Silbersack" at Apr 12, 2001 12:40:32 AM
next in thread | previous in thread | raw e-mail | index | archive | help
In some mail from Mike Silbersack, sie said: > > > On Thu, 12 Apr 2001, Mark T Roberts wrote: > > > The other night I did a nessus security scan on my freeBSD box and I got the > > following warning. I am hopping someone on this mailing list can give me a > > better idea what this warning means. > > > > Thanks > > Mark > > > > NESSUS Warning... > > The remote host uses non-random IP IDs, that is, it is > > possible to predict the next value of the ip_id field of > > the ip packets sent by this host. > > Each IP packet sent has with it a 16-bit ID. The numbers must remain > unique over a short period of time so fragmentation can work properly. As > such, everything except recent openbsds simple increments the id by 1 for > each packet sent out. > > As a result, you can tell the number of packets sent on an idle host by > seeing the difference in id numbers for the packets it sends back to you. > It's not really that important of an issue, don't worry about it. Except when said idle host is behind a firewall, you can gauge, with a better amount of surety, if the firewall is dropping packets vs packets just being lost on the 'net. Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200104120816.SAA09404>