From: Darren Reed
Message-Id: <200104161836.EAA03291@caligula.anu.edu.au>
Subject: Re: non-random IP IDs
To: kris@obsecurity.org (Kris Kennaway)
Date: Tue, 17 Apr 2001 04:36:15 +1000 (Australia/ACT)
Cc: kris@obsecurity.org (Kris Kennaway), silby@silby.com (Mike Silbersack), newsletter@marktroberts.com (Mark T Roberts), freebsd-security@FreeBSD.ORG, net@FreeBSD.ORG
In-Reply-To: <20010416024805.A688@xor.obsecurity.org> from "Kris Kennaway" at Apr 16, 2001 02:48:05 AM

In some mail from Kris Kennaway, sie said:
> On Mon, Apr 16, 2001 at 02:03:11AM -0700, Kris Kennaway wrote:
>
> > Here's a patch ported from OpenBSD which randomizes this (supposedly
> > such that it respects the constraint of not wrapping within the
> > prescribed time period). I should wrap it in a sysctl, I guess.
> >
> > http://www.freebsd.org/~kris/ipid.patch
>
> Okay, I did this and updated the patch, with the sysctl defaulting to
> off since the random algorithm does add some amount of overhead.
>
> Comments?

You should optimize it for mod being 2^n-1 (or make that a requirement).

Also, drop the HTONS statements, they no longer make sense. Before ip_id
was a counter and so it made sense (sorta) to change its byte ordering to
network. Now it's just a random number so there is no longer any need.

Darren