[grsec] Randomized IP IDs/TTL
Brad Spengler
spender at grsecurity.net
Sun Jul 3 18:25:03 EDT 2005

> I sniffed some packets with tcpdump but the IP ID was still increasing
> and definitively not randomized.

It's not randomized for IP IDs for a specific connection, but the start
IP ID is randomized for each connection, which is the only security
relevant part (making sure that an attacker can't tell anything about
traffic to the system, which can be used to bounce portscans). With
per-connection incrementing IDs, bounced portscans aren't possible, and
it's unnecessary to set IP IDs when the DF (don't fragment) flag is set,
so the feature was removed.
-Brad
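
The point made in the reply above, modelled in C as an added example (not part of the original post and not grsecurity code): with one shared IP ID counter, the gap a remote host sees between two packets sent to it reveals how many packets went elsewhere, while per-connection counters with random starts always show a gap of 1. The per-peer table standing in for connections, the seed, and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_PEERS 8   /* hypothetical table size for this model */

static uint16_t global_id;            /* one counter shared by all traffic */
static uint16_t peer_id[MAX_PEERS];   /* one counter per connection (modelled per peer) */

/* Give every counter a random start. rand() stands in for the kernel's
 * entropy source; the seed is a constructed value. */
void ids_init(unsigned seed)
{
    srand(seed);
    global_id = (uint16_t)rand();
    for (int i = 0; i < MAX_PEERS; i++)
        peer_id[i] = (uint16_t)rand();
}

uint16_t next_id_global(int peer)   { (void)peer; return global_id++; }
uint16_t next_id_per_conn(int peer) { return peer_id[peer]++; }

/* IP ID gap seen by one remote host (peer 0) between two packets sent to it,
 * while the system sends `hidden` packets to other peers in between. */
uint16_t observed_delta(uint16_t (*next_id)(int), int hidden)
{
    uint16_t first = next_id(0);
    for (int i = 0; i < hidden; i++)
        next_id(1 + i % (MAX_PEERS - 1));
    uint16_t second = next_id(0);
    return (uint16_t)(second - first);   /* modulo 2^16, so wraparound is handled */
}

int main(void)
{
    ids_init(2005);
    for (int hidden = 0; hidden <= 3; hidden++)
        printf("hidden=%d  shared counter gap=%u  per-connection gap=%u\n",
               hidden,
               (unsigned)observed_delta(next_id_global, hidden),
               (unsigned)observed_delta(next_id_per_conn, hidden));
    return 0;
}
```

This also matches the tcpdump observation in the quoted question: within one connection the IDs still increase by one, and only the starting value differs between connections.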