From owner-freebsd-net Mon Apr 16 14:46:15 2001
Delivered-To: freebsd-net@freebsd.org
Received: from citi.umich.edu (citi.umich.edu [141.211.92.141]) by hub.freebsd.org (Postfix) with ESMTP id 5D6A137B446; Mon, 16 Apr 2001 14:46:12 -0700 (PDT) (envelope-from provos@citi.umich.edu)
Received: from citi.umich.edu (ssh-mapper.citi.umich.edu [141.211.92.147]) by citi.umich.edu (Postfix) with ESMTP id 6DA3F207C1; Mon, 16 Apr 2001 17:46:11 -0400 (EDT)
Subject: Re: non-random IP IDs
From: Niels Provos
In-Reply-To: Kris Kennaway, Mon, 16 Apr 2001 12:10:19 PDT
To: Kris Kennaway
Cc: Wes Peters, freebsd-security@FreeBSD.ORG, net@FreeBSD.ORG, provos@OpenBSD.org
Date: Mon, 16 Apr 2001 17:46:11 -0400
Message-Id: <20010416214611.6DA3F207C1@citi.umich.edu>
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <20010416121019.D10023@xor.obsecurity.org>, Kris Kennaway writes:
>Presumably there was some reasoning there. Niels, can you shed any
>light?

No reasoning. You do not need the htons(). The fragment IDs just need to be unique. An htons() does not change that property.

I don't like that code very much. A variable-block-size cipher in counter mode would do the job better.

However, what many people do not realize is that you can use predictable IP IDs to anonymously port scan machines. Bugtraq talks about how to do that.

Niels.
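Added example, not part of Niels's message and not code from FreeBSD or OpenBSD: a Python simulation of the two points above. The anonymous scan he alludes to is the idle scan (antirez, Bugtraq, 1998): the attacker probes an idle "zombie" host, spoofs a SYN to the target with the zombie's address, probes the zombie again, and reads the port state off how many IP IDs the zombie consumed in between. The second generator is a toy stand-in for the "cipher in counter mode" idea, a secret-keyed 16-bit Feistel permutation over a counter (unique per 2**16 period, unpredictable without the key); it is illustrative, not a production design. Host classes, port numbers and the fixed key are constructed for the example; no packets are sent.

```python
import hashlib
import secrets


class SequentialIpId:
    """Predictable generator: every datagram gets the previous ID plus one."""

    def __init__(self, start=1000):
        self.next_id = start & 0xFFFF

    def generate(self):
        value = self.next_id
        self.next_id = (self.next_id + 1) & 0xFFFF
        return value


class KeyedPermutationIpId:
    """Unique over a 2**16 period but unpredictable without the key.

    Constructed stand-in for a counter-mode cipher: a 4-round Feistel
    network with a keyed BLAKE2b round function is a bijection on 16 bits,
    so a counter pushed through it never repeats within the period.
    """

    def __init__(self, key=None):
        self.key = key if key is not None else secrets.token_bytes(16)
        self.counter = 0

    def _f(self, round_no, half):
        # Keyed PRF of (round number, half) truncated to one byte.
        return hashlib.blake2b(bytes([round_no, half]), key=self.key,
                               digest_size=1).digest()[0]

    def permute(self, x):
        left, right = (x >> 8) & 0xFF, x & 0xFF
        for round_no in range(4):
            left, right = right, left ^ self._f(round_no, right)
        return (left << 8) | right

    def generate(self):
        value = self.permute(self.counter)
        self.counter = (self.counter + 1) & 0xFFFF
        return value


class Zombie:
    """Idle host; every datagram it emits consumes one IP ID."""

    def __init__(self, id_gen):
        self.id_gen = id_gen

    def answer_probe(self):
        # Attacker's unsolicited SYN/ACK -> RST carrying the next IP ID.
        return self.id_gen.generate()

    def receive_from_target(self, segment):
        # SYN/ACK for a connection it never opened -> RST (one ID consumed).
        # A RST from the target is dropped silently (no ID consumed).
        if segment == "SYN/ACK":
            self.id_gen.generate()


class Target:
    def __init__(self, open_ports):
        self.open_ports = set(open_ports)

    def handle_syn(self, port):
        # The reply goes to the spoofed source address, i.e. the zombie.
        return "SYN/ACK" if port in self.open_ports else "RST"


def idle_scan(zombie, target, port):
    """Infer a port's state on target; only the zombie ever sees our address."""
    id_before = zombie.answer_probe()
    zombie.receive_from_target(target.handle_syn(port))  # SYN spoofed as zombie
    id_after = zombie.answer_probe()
    delta = (id_after - id_before) & 0xFFFF
    if delta == 2:
        return "open"
    if delta == 1:
        return "closed"
    return "unknown"  # IDs not sequential: the side channel is gone


def scan_ports(zombie, target, ports):
    return {port: idle_scan(zombie, target, port) for port in ports}


if __name__ == "__main__":
    target = Target({22, 80})
    print("sequential IDs:", scan_ports(Zombie(SequentialIpId()), target, [22, 25, 80]))
    print("permuted IDs:  ", scan_ports(Zombie(KeyedPermutationIpId()), target, [22, 25, 80]))
```

With sequential IDs the scan reads 22 and 80 as open and 25 as closed without the target ever seeing the attacker's address. With the keyed permutation the ID deltas are effectively random, so the same probes return "unknown"; the IDs are still unique within the period, which is the only property the fragment reassembly actually needs.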