Subject: Re: random ip_id must be configurable
To: None <itojun@iijlab.net>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-net
Date: 09/14/2003 21:36:59
On Sat, 13 Sep 2003 itojun@iijlab.net wrote:
> >> note also freebsd and Solaris do randomize ip_id.
> >> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_output.c.diff?r1=1.188&r2=1.189
> >For those who have poor reading skills, please note that the FreeBSD 4
> >randomized ip_ids are a config-time option, and the option defaults
> >to "off". I think that's a *good* example for us to follow.
> >(Anyone who read the netipsec/ code should have noticed that; netipsec/
> >still has support for the FreeBSD 4 option header and ifdef.)
>
> based on nmap OS fingerprint database, freebsd randomizes ip_id.
> also you see even quite a few embedded products (like small broadband
> routers) randomize ip_id. why can't we do it for netbsd?

I don't think most folks are against this being an option that defaults to
off. We're against it being on all the time no matter what.

Take care,
Bill