From: Crist J. Clark (crist.clark@attbi.com)
Date: Tue Mar 19 2002 - 19:51:17 CST

Yuck. Following up to my own post.
I realize I wasn't clear on what "good" random numbers mean in IP ID
fields. To most people concerned about security, it means "not
incrementing." The problem with incrementing IP IDs of course being
the ability to do spoofed port scans on a quiescent server. Not using
incrementing IP IDs, using random ones when you need to and constant
(the 0 ones you observed) ones when DF is set, prevents these kinds of
scans.

--
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
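
Added example, not part of the original post: a Python heuristic for auditing your own hosts against the policy described above, taking (IP ID, DF flag) pairs already captured from a host's outbound packets and labelling each DF group as incrementing, constant, or non-incrementing. The function names, the max_step threshold, and the sample values are assumptions constructed for illustration.

```python
# Added example: classify IP ID behaviour from captured (ip_id, df_set) pairs.
# All sample values below are constructed, not taken from a real capture.

def deltas(ids):
    # Differences modulo 2^16, so a counter wrapping 65535 -> 0 still reads as +1.
    return [(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])]

def swap16(v):
    # Some stacks put a host-order counter on the wire without byte-swapping it.
    return ((v & 0xFF) << 8) | (v >> 8)

def classify(ids, max_step=256):
    """Label one list of IP IDs. max_step is an assumed bound on the jump
    between two sampled packets of a busy but still sequential counter."""
    if len(ids) < 4:
        return "insufficient-data"
    if len(set(ids)) == 1:
        return "constant-zero" if ids[0] == 0 else "constant"
    for label, seq in (("incrementing", ids),
                       ("incrementing-byteswapped", [swap16(i) for i in ids])):
        if all(0 < d <= max_step for d in deltas(seq)):
            return label
    return "non-incrementing"

def audit(samples):
    """Classify DF and non-DF packets separately, since the policy in the
    post treats them differently (zero with DF, random without)."""
    groups = {"df": [i for i, df in samples if df],
              "no_df": [i for i, df in samples if not df]}
    return {k: classify(v) for k, v in groups.items() if v}

def predictable(report):
    # True when any group exposes a sequential counter to remote observers.
    return any(v.startswith("incrementing") for v in report.values())

# Constructed samples: a global counter that wraps, the zero-with-DF plus
# random-without-DF policy, and a counter sent in the wrong byte order.
LEGACY = [(65533, False), (65534, False), (65535, False),
          (0, False), (1, False), (3, False)]
HARDENED = [(0, True)] * 4 + [(0x3A91, False), (0xC204, False),
            (0x07EE, False), (0x91B3, False), (0x5D20, False)]
BYTESWAPPED = [(0xFE00, False), (0xFF00, False), (0x0001, False), (0x0101, False)]

if __name__ == "__main__":
    for name, s in (("legacy", LEGACY), ("hardened", HARDENED),
                    ("byteswapped", BYTESWAPPED)):
        report = audit(s)
        print(name, report, "predictable" if predictable(report) else "ok")
```

A short run of random IDs can pass the incrementing test by chance, so collect more samples before treating a single "incrementing" result as conclusive.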