From owner-freebsd-security Wed Apr 11 22:40:39 2001
Delivered-To: freebsd-security@freebsd.org
Received: from silby.com (adam042-060.resnet.wisc.edu [146.151.42.60]) by hub.freebsd.org (Postfix) with ESMTP id 02B9E37B496 for ; Wed, 11 Apr 2001 22:40:34 -0700 (PDT) (envelope-from silby@silby.com)
Received: (qmail 2255 invoked by uid 1000); 12 Apr 2001 05:40:32 -0000
Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 12 Apr 2001 05:40:32 -0000
Date: Thu, 12 Apr 2001 00:40:32 -0500 (CDT)
From: Mike Silbersack
To: Mark T Roberts
Cc:
Subject: Re: non-random IP IDs
In-Reply-To: <001f01c0c30b$805b0840$d2e2fdce@netrex.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 12 Apr 2001, Mark T Roberts wrote:

> The other night I did a Nessus security scan on my FreeBSD box and I got the
> following warning. I am hoping someone on this mailing list can give me a
> better idea what this warning means.
>
> Thanks
> Mark
>
> NESSUS Warning...
> The remote host uses non-random IP IDs, that is, it is
> possible to predict the next value of the ip_id field of
> the ip packets sent by this host.

Each IP packet sent has with it a 16-bit ID. The numbers must remain unique
over a short period of time so fragmentation can work properly. As such,
everything except recent OpenBSDs simply increments the id by 1 for each
packet sent out. As a result, you can tell the number of packets sent on an
idle host by seeing the difference in id numbers for the packets it sends
back to you.

It's not really that important of an issue, don't worry about it.

Mike "Silby" Silbersack
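The check Nessus is performing, as an added example that is not part of the thread and not Nessus's own code: pull the 16-bit Identification field out of raw IPv4 headers and classify the series a host returns as sequential (the increment-by-1 behaviour Mike describes, with 16-bit wraparound handled) or unpredictable. The headers below are constructed in the script itself; `build_ipv4_header`, `ip_id_from_header` and `classify_ip_id_sequence` are names chosen here, and the `max_step` threshold is an assumed tolerance for small gaps caused by traffic to other hosts.

```python
import struct

def build_ipv4_header(ip_id: int, src=b"\x0a\x00\x00\x01", dst=b"\x0a\x00\x00\x02") -> bytes:
    """Constructed 20-byte IPv4 header (RFC 791 layout; checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s",
                       0x45,            # version 4, IHL 5 (20-byte header)
                       0,               # TOS
                       20,              # total length (header only)
                       ip_id & 0xFFFF,  # Identification: the ip_id field
                       0x4000,          # flags: DF set, fragment offset 0
                       64,              # TTL
                       1,               # protocol: ICMP
                       0,               # header checksum (not computed here)
                       src, dst)

def ip_id_from_header(hdr: bytes) -> int:
    """Extract the 16-bit Identification field from a raw IPv4 header."""
    if len(hdr) < 20 or hdr[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return struct.unpack("!H", hdr[4:6])[0]

def id_deltas(ids):
    """Steps between consecutive IDs, modulo 2^16, so 0xFFFF -> 0x0000 counts as +1."""
    return [(b - a) % 0x10000 for a, b in zip(ids, ids[1:])]

def classify_ip_id_sequence(ids, max_step=16):
    """Verdict on IDs observed from one host (assumed threshold: max_step).
    'sequential'   : every step is a small positive increment, i.e. the next
                     ip_id is predictable and the gap leaks the packet count.
    'constant'     : the ID never changes between packets.
    'unpredictable': anything else, e.g. OpenBSD-style randomised IDs."""
    deltas = id_deltas(ids)
    if len(deltas) < 2:
        raise ValueError("need at least three IDs to judge a sequence")
    if all(d == 0 for d in deltas):
        verdict = "constant"
    elif all(1 <= d <= max_step for d in deltas):
        verdict = "sequential"
    else:
        verdict = "unpredictable"
    return {"deltas": deltas, "verdict": verdict}

if __name__ == "__main__":
    # Constructed capture: a host incrementing by 1 per packet across the 0xFFFF wrap.
    headers = [build_ipv4_header(i) for i in (0xFFFE, 0xFFFF, 0x0000, 0x0001)]
    ids = [ip_id_from_header(h) for h in headers]
    print(ids, classify_ip_id_sequence(ids))
```

Run it against IDs pulled from a packet capture of your own host's replies; a "sequential" verdict is exactly what triggers the warning Mark saw.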