Subject: Re: security for netbsd as web server
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Felix Deichmann <f.dei@web.de>
List: netbsd-users
Date: 03/26/2005 00:00:40
Steven M. Bellovin wrote:
>>If you are really paranoid:
>># sysctl -w net.inet.ip.random_id=1
>>
>
> Against what threat?
When there is only a simple IP ID increment, you can see a server's load
by looking at the IP ID difference. ICMP echo (ping) replys are enough.
Ah, now that I read the article about IP IDs in German c't magazine, I
see that they also refer to your paper "A Technique for Counting NATted
Hosts" :-)
Regards
Felix