Date: Mon, 16 Apr 2001 17:46:11 -0400
From: Niels Provos <provos@citi.umich.edu>
To: Kris Kennaway <kris@obsecurity.org>
Cc: Wes Peters <wes@softweyr.com>, freebsd-security@FreeBSD.ORG, net@FreeBSD.ORG, provos@OpenBSD.org
Subject: Re: non-random IP IDs
Message-ID: <20010416214611.6DA3F207C1@citi.umich.edu>
In-Reply-To: Kris Kennaway, Mon, 16 Apr 2001 12:10:19 PDT

In message <20010416121019.D10023@xor.obsecurity.org>, Kris Kennaway writes:
>Presumably there was some reasoning there. Niels, can you shed any
>light?

No reasoning. You do not need the htons(). The fragment ids just need to be unique. An htons() does not change that property.

I don't like that code very much. A variable-block-size cipher in counter mode would do the job better.

However, what many ppl do not realize is that you can use predictable ip ids to anonymously port scan machines. Bugtraq talks about how to do that.

Niels.
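
The "cipher in counter mode" idea from the message above, as an added example (not code from the original message or from any BSD kernel): a 16-bit Feistel network encrypts a packet counter, so every ID is unique within a 65536-packet cycle while the counter itself never appears on the wire. The names `ipid_state`, `ipid_permute`, `ipid_next`, the round function and the key values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ROUNDS 4

struct ipid_state {
    uint32_t key[ROUNDS]; /* round subkeys; seed from the system RNG at boot */
    uint16_t counter;     /* plain counter, never sent on the wire */
};

/* Keyed 8-bit round function; illustrative mixer (assumption), not a vetted PRF. */
static uint8_t round_f(uint8_t half, uint32_t subkey) {
    uint32_t x = (half ^ subkey) * 0x9E3779B1u;
    x ^= x >> 15;
    x *= 0x85EBCA77u;
    return (uint8_t)(x >> 24);
}

/* 16-bit balanced Feistel network: a bijection on 0..65535 for any
 * round function, so distinct counter values give distinct IDs. */
static uint16_t ipid_permute(const struct ipid_state *st, uint16_t in) {
    uint8_t l = (uint8_t)(in >> 8), r = (uint8_t)(in & 0xff);
    for (int i = 0; i < ROUNDS; i++) {
        uint8_t t = l ^ round_f(r, st->key[i]);
        l = r;
        r = t;
    }
    return (uint16_t)((l << 8) | r);
}

/* Encrypt the counter, then advance it; the counter wraps after 65536 IDs. */
uint16_t ipid_next(struct ipid_state *st) {
    return ipid_permute(st, st->counter++);
}

/* Self-check: count distinct IDs over one full counter cycle. */
unsigned ipid_count_distinct(const struct ipid_state *st) {
    static uint8_t seen[65536];
    unsigned distinct = 0;
    memset(seen, 0, sizeof seen);
    for (uint32_t c = 0; c < 65536; c++)
        distinct += !seen[ipid_permute(st, (uint16_t)c)]++;
    return distinct;
}

int main(void) {
    struct ipid_state st = { { 0x01234567u, 0x89abcdefu, 0xdeadbeefu, 0x0badf00du }, 0 }; /* constructed key */
    printf("first=%u distinct=%u\n", (unsigned)ipid_next(&st), ipid_count_distinct(&st));
    return 0;
}
```

Uniqueness comes from the Feistel structure alone; unpredictability depends on the secrecy of the subkeys and the strength of the round function, which is why the mixer here should be swapped for a vetted keyed primitive in real use.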