Subject: Re: security for netbsd as web server
To: Felix Deichmann <f.dei@web.de>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: netbsd-users
Date: 03/25/2005 20:47:27
In message <42449818.9090804@web.de>, Felix Deichmann writes:
>Steven M. Bellovin wrote:
>>>If you are really paranoid:
>>># sysctl -w net.inet.ip.random_id=1
>>>
>> 
>> Against what threat?
>
>When there is only a simple IP ID increment, you can see a server's load 
>by looking at the IP ID difference. ICMP echo (ping) replies are enough.

Right -- and that tells you almost nothing of use.

The real threat from IP ID games, other than those described in my 
paper, is that you can use the field for "firewalking" -- trying to map 
what's behind certain kinds of firewalls.  But this isn't a firewall 
situation -- I'm recommending a hardened host, which is a very 
different situation.
>
>Ah, now that I read the article about IP IDs in German c't magazine, I 
>see that they also refer to your paper "A Technique for Counting NATted 
>Hosts" :-)

Well, yes, I did feel I had some experience with that field....

		--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
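The load inference Felix describes above, as an added example that is not code from this thread, from NetBSD, or from the cited paper: it parses constructed IPv4 headers of ICMP echo replies (header only; the checksum is left at zero and not verified, and no real packets are captured), pulls out the 16-bit Identification field, and takes the modular difference between consecutive replies. With one global counter incremented per packet sent (the non-random default that `net.inet.ip.random_id=1` replaces), the difference minus one is the number of packets the host sent to anyone between two probes; with random IDs the differences are noise. The addresses, the ID values and the `max_gap` threshold are all assumptions made for the example.

```python
"""Infer a host's sending activity from the IPv4 Identification field.

Added example for the thread above; not code from the original mail,
from NetBSD, or from the cited paper.  All packet data below is
constructed inline for the example.
"""
import socket
import struct

# Fixed 20-byte IPv4 header, network byte order, no options.
IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")
ICMP_ECHO_LEN = 8  # echo reply header without payload, for the total-length field


def build_echo_reply_header(ip_id: int, src: str = "192.0.2.10", dst: str = "198.51.100.7") -> bytes:
    """Construct the IPv4 header of an ICMP echo reply carrying ip_id.

    Synthetic header for the example: the checksum is left at zero, and the
    addresses are documentation-range placeholders, not real hosts.
    """
    if not 0 <= ip_id <= 0xFFFF:
        raise ValueError("IP ID is a 16-bit field")
    return IPV4_HDR.pack(
        0x45,                          # version 4, IHL 5 (20 bytes)
        0,                             # TOS
        IPV4_HDR.size + ICMP_ECHO_LEN,  # total length
        ip_id,                         # Identification
        0,                             # flags / fragment offset
        64,                            # TTL
        1,                             # protocol: ICMP
        0,                             # header checksum (not computed here)
        socket.inet_aton(src),
        socket.inet_aton(dst),
    )


def parse_ip_id(packet: bytes) -> int:
    """Return the Identification field of an IPv4 packet."""
    if len(packet) < IPV4_HDR.size:
        raise ValueError("truncated IPv4 header")
    version_ihl, _tos, _tot_len, ip_id, _ff, _ttl, _proto, _csum, _src, _dst = IPV4_HDR.unpack_from(packet, 0)
    if version_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return ip_id


def id_deltas(replies) -> list:
    """Differences (mod 2**16) between the IDs of consecutive replies.

    The modulus handles the counter wrapping from 65535 back to 0.
    """
    ids = [parse_ip_id(p) for p in replies]
    return [(later - earlier) % 0x10000 for earlier, later in zip(ids, ids[1:])]


def packets_between_probes(replies) -> list:
    """Packets the host sent to anyone between each pair of probes.

    Each delta includes the reply to the later probe itself, hence the -1.
    Only meaningful when the host uses one sequential global counter.
    """
    return [d - 1 for d in id_deltas(replies)]


def ids_look_sequential(deltas, max_gap: int = 256) -> bool:
    """Crude check: rapid probes of a lightly loaded host with a global
    counter give small positive deltas; random IDs do not.  max_gap is an
    assumed threshold, not a value from the thread."""
    return all(0 < d <= max_gap for d in deltas)


# Constructed observations (not real captures): IDs seen in five replies from
# a host with a sequential counter, and four from a host using random IDs.
SEQUENTIAL_REPLIES = [build_echo_reply_header(i) for i in (1000, 1001, 1025, 1100, 1101)]
RANDOM_REPLIES = [build_echo_reply_header(i) for i in (0x4A31, 0x1F02, 0xC9D4, 0x0210)]

if __name__ == "__main__":
    print("sequential host, packets sent between probes:", packets_between_probes(SEQUENTIAL_REPLIES))
    print("random-ID host, deltas:", id_deltas(RANDOM_REPLIES))
    print("looks sequential?",
          ids_look_sequential(id_deltas(SEQUENTIAL_REPLIES)),
          ids_look_sequential(id_deltas(RANDOM_REPLIES)))
```

Run against the constructed data, the sequential host shows 0, 23, 74 and 0 packets sent between probes, while the random-ID host's deltas are spread across the whole 16-bit range and the sequential check fails; that is the difference the sysctl makes to an observer, and, as the reply above notes, it is a coarse signal rather than a precise load figure.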