Date: Mon, 16 Apr 2001 12:06:30 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Darren Reed <avalon@coombs.anu.edu.au>
Cc: Kris Kennaway <kris@obsecurity.org>, Mike Silbersack <silby@silby.com>, Mark T Roberts <newsletter@marktroberts.com>, freebsd-security@FreeBSD.ORG, net@FreeBSD.ORG
Subject: Re: non-random IP IDs
Message-ID: <20010416120630.C10023@xor.obsecurity.org>
In-Reply-To: <200104161836.EAA03291@caligula.anu.edu.au>; from avalon@coombs.anu.edu.au on Tue, Apr 17, 2001 at 04:36:15AM +1000
References: <20010416024805.A688@xor.obsecurity.org> <200104161836.EAA03291@caligula.anu.edu.au>

On Tue, Apr 17, 2001 at 04:36:15AM +1000, Darren Reed wrote:

> You should optimize it for mod being 2^n-1 (or make that a requirement).

I'm afraid I don't have time to look at this right now. Perhaps it can
be revisited (the sysctl defaults to off for now), or Niels Provos may
be interested in the idea.

> Also, drop the HTONS statements, they no longer make sense. Before ip_id
> was a counter and so it made sense (sorta) to change its byte ordering to
> network. Now it's just a random number so there is no longer any need.

Well, it still has wrapping properties like a network-order counter,
i.e. the algorithm attempts to order the output so that it doesn't
wrap within the segment lifetime. That would be lost without using
HTONS.

Kris