Re: non-random IP IDs

From: Mike Silbersack (silby@silby.com)
Date: 04/12/01


Date: Thu, 12 Apr 2001 00:40:32 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: Mark T Roberts <newsletter@marktroberts.com>


On Thu, 12 Apr 2001, Mark T Roberts wrote:

> The other night I did a nessus security scan on my FreeBSD box and I got the
> following warning. I am hoping someone on this mailing list can give me a
> better idea what this warning means.
>
> Thanks
> Mark
>
> NESSUS Warning...
> The remote host uses non-random IP IDs, that is, it is
> possible to predict the next value of the ip_id field of
> the ip packets sent by this host.

Each IP packet sent has with it a 16-bit ID. The numbers must remain
unique over a short period of time so fragmentation can work properly. As
such, everything except recent OpenBSDs simply increments the id by 1 for
each packet sent out.

As a result, you can tell the number of packets sent on an idle host by
seeing the difference in id numbers for the packets it sends back to you.
It's not really that important of an issue, don't worry about it.

Mike "Silby" Silbersack
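
An added example, not part of the original post: reading the Identification field out of raw IPv4 headers and checking whether a host's replies show the incrementing counter described above, including the wrap at 65535. The headers are constructed samples using documentation addresses, and the `max_step` threshold is an assumption of this sketch.

```python
import struct

def ip_id(header: bytes) -> int:
    """Return the 16-bit Identification field (bytes 4-5) of a raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return struct.unpack_from("!H", header, 4)[0]

def deltas(ids):
    """Differences between consecutive IDs, taken modulo 2**16 so wraparound works."""
    return [(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])]

def classify(ids, max_step=256):
    """'incremental' if every step is a small positive delta, else 'not incremental'.

    max_step is an assumed bound on how many packets a host sends between probes.
    """
    d = deltas(ids)
    if len(d) < 3:
        raise ValueError("need at least four samples")
    return "incremental" if all(0 < x <= max_step for x in d) else "not incremental"

def other_packets(ids):
    """For a global +1 counter: packets sent to anyone else between our replies.

    Each delta counts the reply we received plus everything else the host sent.
    """
    return [x - 1 for x in deltas(ids)]

def make_header(ident: int) -> bytes:
    """Build a constructed 20-byte IPv4 header (checksum left at 0) for the demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ident, 0, 64, 6, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

# Constructed samples: a counter that wraps past 65535, and unrelated values.
SEQUENTIAL = [ip_id(make_header(i)) for i in (65530, 65531, 65535, 2, 3)]
RANDOMISED = [ip_id(make_header(i)) for i in (0x1A2B, 0xF00D, 0x0042, 0x9C3E, 0x5511)]

if __name__ == "__main__":
    for name, ids in (("sequential", SEQUENTIAL), ("randomised", RANDOMISED)):
        print(name, classify(ids), deltas(ids))
    print("other packets between replies:", other_packets(SEQUENTIAL))
```
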
