Date: Wed, 30 Apr 2003 16:05:39 -0700 From: "Crist J. Clark" <crist.clark@attbi.com> To: "."@babolo.ru Cc: net@FreeBSD.org Subject: Re: Reducing ip_id information leakage Message-ID: <20030430230539.GB3912@blossom.cjclark.org> In-Reply-To: <1051741424.259802.1572.nullmailer@cicuta.babolo.ru> References: <200304302142.h3ULgZ0i056433@khavrinen.lcs.mit.edu> <1051741424.259802.1572.nullmailer@cicuta.babolo.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, May 01, 2003 at 02:23:44AM +0400, "."@babolo.ru wrote:
> > <<On Wed, 30 Apr 2003 16:35:24 -0500 (CDT), Mike Silbersack <silby@silby.com> said:
[snip]
> > The trouble is that we need sequences that are guaranteed not to
> > repeat too fast -- and even then we'll still break on modern networks
> > anyway, as I noted in my comment.
> Why not to use 16 bit of 32 bit pseudorandom generator?
Uhh... I might be missing a joke here, but the problem is that after
you put 65536 packets onto the wire, the next one _must_ have a
repeated IP ID (since there are only 65536 possible). Choosing a
random IP ID only can make this problem worse. As many of the
references perviously discussed or a very simple calculation on your
own will show, with a perfect random generator, after about 300
packets, there is a 50-50 chance the next packet's IP ID will
collide (good ol' "birthday paradox").
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030430230539.GB3912>