Message-ID: <3ADBB93B.3C9DC3DE@elischer.org>
Date: Mon, 16 Apr 2001 20:32:11 -0700
From: Julian Elischer
To: Darren Reed
Cc: Kris Kennaway, Mike Silbersack, Mark T Roberts, freebsd-security@FreeBSD.ORG, net@FreeBSD.ORG
Subject: Re: non-random IP IDs
References: <200104161836.EAA03291@caligula.anu.edu.au>

Darren Reed wrote:
>
> In some mail from Kris Kennaway, sie said:
> >
> > On Mon, Apr 16, 2001 at 02:03:11AM -0700, Kris Kennaway wrote:
> >
> > > Here's a patch ported from OpenBSD which randomizes this (supposedly
> > > such that it respects the constraint of not wrapping within the
> > > prescribed time period). I should wrap it in a sysctl, I guess.
> > >
> > > http://www.freebsd.org/~kris/ipid.patch
> >
> > Okay, I did this and updated the patch, with the sysctl defaulting to
> > off since the random algorithm does add some amount of overhead.
> >
> > > Comments?
>
> You should optimize it for mod being 2^n-1 (or make that a requirement).
>
> Also, drop the HTONS statements, they no longer make sense. Before ip_id
> was a counter and so it made sense (sorta) to change its byte ordering to
> network. Now it's just a random number so there is no longer any need.

There is a site that calculates server uptime from these numbers.
All the leading machines are FreeBSD.
When you do this it will no longer be able to track us :-(

What is the problem in having these numbers sequential?

>
> Darren
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message

--
      __--_|\  Julian Elischer
     /       \ julian@elischer.org
    (   OZ    ) World tour 2000-2001
---> X_.---._/
            v
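The constraint quoted in this thread (randomized IP IDs that still do not wrap within the prescribed period) can be met by sending a keyed permutation of a plain counter. The following is an added example, not Kris Kennaway's patch and not the OpenBSD algorithm; the Feistel construction, the demo key and all names in it are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Constructed demo key; a real stack would draw it from the kernel RNG. */
static const uint8_t demo_key[4] = { 0x3a, 0x91, 0xc4, 0x5e };
struct ipid_gen { uint16_t counter; uint8_t key[4]; };

/* Feistel round function: any 8-bit mixing works, it need not be invertible. */
static uint8_t round_f(uint8_t half, uint8_t k)
{
    uint8_t x = (uint8_t)((half ^ k) * 167u + 13u);
    return (uint8_t)(x ^ (x >> 3));
}

/* Four Feistel rounds give a keyed bijection on 16-bit values. */
static uint16_t permute16(uint16_t v, const uint8_t key[4])
{
    uint8_t l = (uint8_t)(v >> 8), r = (uint8_t)(v & 0xff);
    for (int i = 0; i < 4; i++) {
        uint8_t t = (uint8_t)(l ^ round_f(r, key[i]));
        l = r; r = t;
    }
    return (uint16_t)((l << 8) | r);
}

/* The counter advances by one per packet, but only its permuted image is
 * sent, so an ID cannot recur until 65536 packets have gone out. */
static uint16_t ipid_next(struct ipid_gen *g)
{
    return permute16(g->counter++, g->key);
}

/* Returns 1 if a full cycle of 65536 IDs contains no duplicate. */
static int ipid_cycle_is_unique(const uint8_t key[4])
{
    static uint8_t seen[65536];
    struct ipid_gen g = { 0, { key[0], key[1], key[2], key[3] } };
    memset(seen, 0, sizeof seen);
    for (uint32_t i = 0; i < 65536; i++) {
        uint16_t id = ipid_next(&g);
        if (seen[id]) return 0;
        seen[id] = 1;
    }
    return 1;
}

/* Exit status 0 means the no-repeat property held for the demo key. */
int main(void) { return ipid_cycle_is_unique(demo_key) ? 0 : 1; }
```

Because the output is a permutation of the counter, the difference between two observed IDs no longer equals the number of packets sent in between, which is the information a sequential ip_id gives away.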