Subject: Re: synchronous ip_id
To: Niels Provos <provos@citi.umich.edu>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: tech-net
Date: 02/24/2003 15:08:29
>Nobody was talking about repeating very quickly.

The sparseness of the space is already worrisome.  You're talking
about shrinking it by half.  In my book, 16 bits is already "quickly"
and you're getting to the border of "very quickly". Just doesn't
seem worth it for an issue which (as smb said):

>I've never been impressed by that as a security issue.


if recent ipfilter already protects against counting-NATed-hosts, I'd
much prefer that NetBSD stick with a full 16 bits of ip_id until after
we implement something like smb outlined: per-destination (or eeven
per-IPsrc/IPdst) space for ip_ids.

As always, YMMV.