Date: Thu, 12 Apr 2001 00:40:32 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: Mark T Roberts <newsletter@marktroberts.com> Cc: <freebsd-security@FreeBSD.ORG> Subject: Re: non-random IP IDs Message-ID: <Pine.BSF.4.31.0104120035120.2153-100000@achilles.silby.com> In-Reply-To: <001f01c0c30b$805b0840$d2e2fdce@netrex.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 12 Apr 2001, Mark T Roberts wrote: > The other night I did a nessus security scan on my freeBSD box and I got the > following warning. I am hopping someone on this mailing list can give me a > better idea what this warning means. > > Thanks > Mark > > NESSUS Warning... > The remote host uses non-random IP IDs, that is, it is > possible to predict the next value of the ip_id field of > the ip packets sent by this host. Each IP packet sent has with it a 16-bit ID. The numbers must remain unique over a short period of time so fragmentation can work properly. As such, everything except recent openbsds simple increments the id by 1 for each packet sent out. As a result, you can tell the number of packets sent on an idle host by seeing the difference in id numbers for the packets it sends back to you. It's not really that important of an issue, don't worry about it. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.31.0104120035120.2153-100000>