Subject: Re: random ip_id must be configurable
To: None <>
From: Darren Reed <>
List: tech-net
Date: 09/12/2003 23:04:36
>	i got a couple of references on ip_id/DNS id attacks:
>	smb's paper on counting hosts behind NAT using ip_id.  if you use
>	non-random ip_id, number of hosts behind NAT will be revealed.

Yes.  And so what ?  This change (generating pseudo-random ones for NetBSD)
does nothing to address the problem for NAT unless it is a NetBSD box that
is being NAT'd.  IPFilter 4.0 provides an adequate knob (unlike pf) that
resolves this.

>	There is a tool that exploits sequential DNS ids blindly at:

Do you understand that attacking DNS id's is completely different
to attacking IP id's ?  In case you don't, DNS has its own 16bit
ID that goes in every request sent from a DNS client to a DNS server.
This is not in any way, shape or form, related to the IPid except
by coincidence.

>	note also freebsd and Solaris do randomize ip_id.

Solaris randomises the ip_id huh ?  Then how come a default installation
of Solaris doesn't have randomised ip_id's ?  In case you're wondering, I
just tested Solaris-current.