Subject: Re: random ip_id must be configurable
To: Jun-ichiro itojun Hagino <>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: tech-net
Date: 09/11/2003 15:11:40
So what? Malicious parties can inject bogus entire packets into a
datastream if they choose. Whats the difference?

I can only conclude that you did not adequately review the code you
committed, because it does not mention fragmentation attacks; But it
*does* explicitly mention "the resolver/named problem".

Can I ask just why you are committing code to the NetBSD tree without
adequate review, and in the face of a prior consensus *against*
forcing 15-bit linear-congruential randomized IP_IDs?

As for preventing fragmmentation attacks: this change is neither
necessary nor sufficient.  I've mentioned a better approach (for which
I have a working, shipped implementation) here tha said, on this list.


Itujun, that's really reaching. I'm looking for a responsive,
well-reasoned, technical argument to support making randomized IDs the
default. If this is the best you can offer, you're not helping your case.