RE: DDoS Attack
From: David Gillett (gillettdavid_at_fhda.edu)
Date: 05/29/03
- Previous message: Jonathan A. Zdziarski: "RE: A question for the list..."
- In reply to: Justin Pryzby: "Re: DDoS Attack"
To: <incidents@securityfocus.com> Date: Thu, 29 May 2003 08:12:29 -0700
> .... The IP ID number is just a
> unique identifier of communication between two hosts over a given
> protocol. It exists so that (for example) a webserver can serve a
> client multiple pages concurrently. The IP ID number cannot
> be used to provide any kind of security. It seems different OSs
> even use widely different schemes to decide when to increment it
> and when to use an entirely different number.
I believe it's somewhat less significant than THAT, even. IP ID
numbers are used to correlate IP (fragment) frames that contain parts
of the same higher-layer packet, and are totally irrelevant if no
IP-level fragmentation has occurred. Nobody cares what their value
is, as long as it's the same across all fragments that need to be
reassembled into some packet, and different from any other fragments
in the same direction of the same conversation.
(The correct way for a web server to deliver multiple objects to a
client in parallel is over multiple client-end TCP *PORT* numbers.)
David Gillett
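The point above, that a reassembler keys fragments on (source, destination, protocol, IP ID) and is indifferent to the ID's actual value, is illustrated by this added example. It is not code from the post or the list; it builds its own minimal IPv4 headers (checksum left at zero, no options) over constructed sample datagrams, splits them as a sender with a 1500-byte MTU would, and reassembles them. The hypothetical flow_keys helper shows the one property that does matter: two datagrams in the same direction of the same conversation that share an ID collapse into a single reassembly bucket.

```python
import struct
from collections import defaultdict

IPV4_HDR = "!BBHHHBBH4s4s"   # version/IHL, TOS, total length, ID, flags+offset, TTL, proto, checksum, src, dst
MORE_FRAGMENTS = 0x1         # MF bit, bit 13 of the flags/offset field


def ipv4_packet(src, dst, proto, ip_id, offset_units, more, payload):
    """Build a minimal 20-byte IPv4 header plus payload (checksum left 0; assumption, not a real stack)."""
    total_len = 20 + len(payload)
    flags_frag = ((MORE_FRAGMENTS << 13) if more else 0) | (offset_units & 0x1FFF)
    header = struct.pack(IPV4_HDR, 0x45, 0, total_len, ip_id, flags_frag, 64, proto, 0, src, dst)
    return header + payload


def fragment(src, dst, proto, ip_id, datagram, mtu=1500):
    """Split one datagram into IPv4 fragments; every non-final piece is a multiple of 8 bytes."""
    chunk = ((mtu - 20) // 8) * 8
    frags = []
    for off in range(0, len(datagram), chunk):
        piece = datagram[off:off + chunk]
        more = off + chunk < len(datagram)
        frags.append(ipv4_packet(src, dst, proto, ip_id, off // 8, more, piece))
    return frags


def parse(pkt):
    """Decode the fields a reassembler needs from a raw IPv4 packet."""
    ihl_ver, _tos, total_len, ip_id, flags_frag, _ttl, proto, _csum, src, dst = struct.unpack(IPV4_HDR, pkt[:20])
    ihl = (ihl_ver & 0x0F) * 4
    return {
        "src": src, "dst": dst, "proto": proto, "id": ip_id,
        "more": bool((flags_frag >> 13) & MORE_FRAGMENTS),
        "offset": (flags_frag & 0x1FFF) * 8,
        "payload": pkt[ihl:total_len],
    }


def flow_keys(packets):
    """The tuple a reassembler buckets on: the ID value itself is arbitrary, only equality within a flow matters."""
    return {(f["src"], f["dst"], f["proto"], f["id"]) for f in map(parse, packets)}


def reassemble(packets):
    """Return {key: datagram} for every fragment set that arrived complete, in any order."""
    buckets = defaultdict(dict)   # key -> {byte offset: payload}
    total_len = {}                # key -> datagram length, learned from the fragment with MF clear
    for f in map(parse, packets):
        key = (f["src"], f["dst"], f["proto"], f["id"])
        buckets[key][f["offset"]] = f["payload"]
        if not f["more"]:
            total_len[key] = f["offset"] + len(f["payload"])
    done = {}
    for key, pieces in buckets.items():
        if key not in total_len:
            continue                      # final fragment never seen
        data = bytearray()
        for off in sorted(pieces):
            if off != len(data):
                break                     # gap or overlap: not reassemblable as-is
            data += pieces[off]
        else:
            if len(data) == total_len[key]:
                done[key] = bytes(data)
    return done


if __name__ == "__main__":
    # Constructed sample traffic: two UDP (proto 17) datagrams in the same direction, different IDs.
    SRC, DST = b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02"
    A = bytes(range(256)) * 12      # 3072 bytes -> 3 fragments
    B = b"B" * 2000                 # 2000 bytes -> 2 fragments
    wire = fragment(SRC, DST, 17, 0x1234, A) + fragment(SRC, DST, 17, 0x1235, B)
    out = reassemble(wire[::-1])    # reversed arrival order: reassembly does not care
    print("A intact:", out[(SRC, DST, 17, 0x1234)] == A)
    print("B intact:", out[(SRC, DST, 17, 0x1235)] == B)
    # Same ID on both datagrams in the same flow: the reassembler can no longer tell them apart.
    print("buckets with colliding IDs:", len(flow_keys(fragment(SRC, DST, 17, 7, A) + fragment(SRC, DST, 17, 7, B))))
```

Nothing in reassemble looks at the numeric value of the ID beyond using it as part of the bucket key, which is the sense in which an unfragmented packet's ID is irrelevant: a packet with MF clear and offset zero reassembles to itself whatever ID it carries.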