Subject: Re: random ip_id must be configurable
To: Jonathan Stone <jonathan@DSG.Stanford.EDU>
From: None <itojun@iijlab.net>
List: tech-net
Date: 09/13/2003 07:28:34
>>        note also freebsd and Solaris do randomize ip_id.
>>http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_output.c.diff?r1=1.188&r2=1.189
>For those who have poor reading skills, please note that the FreeBSD 4
>randomized ip_ids are a config-time option, and the option defaults
>to "off".  I think that's a *good* example for us to follow.
>(Anyone who read the netipsec/ code should have noticed that; netipsec/
>still has support for the FreeBSD 4 option header and ifdef.)

	based on the nmap OS fingerprint database, freebsd randomizes ip_id.
	also you see that even quite a few embedded products (like small broadband
	routers) randomize ip_id.  why can't we do it for netbsd?

itojun


Fingerprint SMC Barricade or D-Link DL-707 Wireless Broadband Router
Class D-Link | embedded || WAP

Fingerprint Apple Mac OS X 10.1.5
Class Apple | Mac OS X | 10.1.X | general purpose

Fingerprint Asante FriendlyNet FR3004 Series Internet Hub
Class Asante | embedded || hub

Fingerprint Commodore 64 with TFE Ethernet Card (uIP TCP/IP stack)
Class Commodore | embedded || game console

Fingerprint Commodore 64 with TFE Ethernet Card (Contiki)
Class Commodore | embedded || game console

Fingerprint Foundry FastIron Edge Switch (load balancer) 2402
Class Foundry | embedded || load balancer

Fingerprint FreeBSD 4.4-STABLE
Class FreeBSD | FreeBSD | 4.X | general purpose

Fingerprint FreeBSD 4.6
Class FreeBSD | FreeBSD | 4.X | general purpose

Fingerprint FreeBSD 4.7-RELEASE
Class FreeBSD | FreeBSD | 4.X | general purpose

Fingerprint FreeBSD 4.7-STABLE
Class FreeBSD | FreeBSD | 4.X | general purpose

Fingerprint FreeBSD 4.8-STABLE
Class FreeBSD | FreeBSD | 4.X | general purpose

Fingerprint FreeBSD 5.0-CURRENT (Apr 2002)
Class FreeBSD | FreeBSD | 5.X | general purpose

Fingerprint Gentoo 1.2 linux (Kernel 2.4.19-gentoo-rc5)
Class Linux | Linux | 2.4.X | general purpose

Fingerprint Linux 2.4.19 w/grsecurity patch
Class Linux | Linux | 2.4.X | general purpose

Fingerprint Linux 2.4.20 - 2.4.21 w/grsecurity.org patch
Class Linux | Linux | 2.4.X | general purpose

Fingerprint Nortel/Alteon ACE Director 3 Version 6.0.42-B
Class Alteon | embedded || load balancer

Fingerprint Novell Netware 5.1-6.0
Class Novell | Netware | 5.X | general purpose
Class Novell | Netware | 6.X | general purpose

Fingerprint Novell Netware 6 SP1
Class Novell | Netware | 6.X | general purpose

Fingerprint OpenBSD 2.9-beta through release (X86)
Class OpenBSD | OpenBSD | 2.X | general purpose

Fingerprint OpenBSD 2.9-stable
Class OpenBSD | OpenBSD | 2.X | general purpose

Fingerprint OpenBSD 3.0 or 3.3
Class OpenBSD | OpenBSD | 3.X | general purpose

Fingerprint OpenBSD 3.0-STABLE (X86)
Class OpenBSD | OpenBSD | 3.X | general purpose

Fingerprint OpenBSD 3.0 SPARC with pf "scrub in all" feature
Class OpenBSD | OpenBSD | 3.X | general purpose

Fingerprint OpenBSD 3.1 on an Alpha
Class OpenBSD | OpenBSD | 3.X | general purpose

Fingerprint OpenBSD 3.1 (X86)
Class OpenBSD | OpenBSD | 3.X | general purpose

Fingerprint OpenBSD 3.2 with pf scrub and no-df
Class OpenBSD | OpenBSD | 3.X | general purpose

Fingerprint OpenBSD 3.2 (X86)
Class OpenBSD | OpenBSD | 3.X | general purpose

Fingerprint OpenBSD 3.3
Class OpenBSD | OpenBSD | 3.X | general purpose

Fingerprint WatchGuard Firebox SOHO V5.x firewall
Class WatchGuard | embedded || firewall