Subject: Re: random ip_id must be configurable
To: None <email@example.com>
From: Darren Reed <firstname.lastname@example.org>
Date: 09/12/2003 23:04:36
> i got a couple of references on ip_id/DNS id attacks:
> smb's paper on counting hosts behind NAT using ip_id. if you use
> non-random ip_id, number of hosts behind NAT will be revealed.
Yes. And so what ? This change (generating pseudo-random ones for NetBSD)
does nothing to address the problem for NAT unless it is a NetBSD box that
is being NAT'd. IPFilter 4.0 provides an adequate knob (unlike pf) that
> There is a tool that exploits sequential DNS ids blindly at:
Do you understand that attacking DNS id's is completely different
to attacking IP id's ? In case you don't, DNS has its own 16bit
ID that goes in every request sent from a DNS client to a DNS server.
This is not in any way, shape or form, related to the IPid except
> note also freebsd and Solaris do randomize ip_id.
Solaris randomises the ip_id huh ? Then how come a default installation
of Solaris doesn't have randomised ip_id's ? In case you're wondering, I
just tested Solaris-current.