[grsec] Randomized IP IDs/TTL
Gerald Holl
gerald at holl.co.at
Mon Jul 4 04:39:17 EDT 2005
Brad Spengler wrote:
> It's not randomized for IP IDs for a specific connection, but the start
> IP ID is randomized for each connection, which is the only security
> relevant part (making sure that an attacker can't tell anything about
> traffic to the system, which can be used to bounce portscans). With
> per-connection incrementing IDs, bounced portscans aren't possible, and
> it's unnecessary to set IP IDs when the DF (don't fragment) flag is set,
> so the feature was removed.
Hello Brad!
Thanks for the explanation - now it's clear.
Since which 2.6 kernel are the IP IDs randomized?
The main reason why I "use" randomized IP IDs is because my internet
provider doesn't allow me to run more than one host.
cheers,
--
Gerald Holl
http://holl.co.at
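As an added illustration of the point Brad makes above (this is a constructed simulation written for this page, not code from the thread or from grsecurity), the block below models a "bounced" (idle) port scan against two toy zombie hosts: one that stamps every outgoing packet from a single global IP ID counter, and one that keeps a separate counter per peer with a random starting value, which is how the thread describes the randomized-start behaviour. Host names, port numbers and the set of "open" ports are all made up; no packets are sent.

```python
"""Idle ("bounced") port-scan inference against two IP ID allocation policies.

Constructed simulation (added example, not grsecurity or kernel code).  Both
hosts are toy models of the 16-bit IP ID a zombie stamps into outgoing IPv4
headers; nothing touches the network.
"""
import random

MASK16 = 0xFFFF


class GlobalCounterZombie:
    """Zombie that stamps every outgoing packet from one global counter.

    This is what an idle scan relies on: a packet the zombie sends to anyone
    advances the same counter the attacker can observe.
    """

    def __init__(self, seed=0):
        self.ipid = random.Random(seed).randrange(MASK16 + 1)

    def send(self, dst):
        """Emit one packet to dst and return the IP ID written into its header."""
        self.ipid = (self.ipid + 1) & MASK16
        return self.ipid


class PerPeerZombie:
    """Zombie that keeps one counter per peer, each starting at a random value.

    Models the policy described in the thread: IDs still increment within a
    conversation, but traffic to one peer reveals nothing to another peer.
    """

    def __init__(self, seed=0):
        self.rng = random.Random(seed)
        self.counters = {}

    def send(self, dst):
        """Emit one packet to dst and return the IP ID written into its header."""
        if dst not in self.counters:
            self.counters[dst] = self.rng.randrange(MASK16 + 1)  # random start
        self.counters[dst] = (self.counters[dst] + 1) & MASK16
        return self.counters[dst]


def idle_scan_port(zombie, target_open_ports, port, attacker="attacker", target="target"):
    """One idle-scan probe of `port` on the target, bounced off `zombie`.

    Sequence (the attacker never contacts the target from its own address):
      1. attacker -> zombie: unsolicited SYN/ACK; zombie answers RST (ID seen)
      2. attacker -> target: SYN spoofed with the zombie's source address
           open port:   target SYN/ACKs the zombie, zombie RSTs back (+1 ID)
           closed port: target RSTs the zombie, zombie stays silent
      3. attacker -> zombie: second SYN/ACK; zombie RSTs (ID seen again)
    Returns (delta, verdict); the classic rule is delta 2 = open, 1 = closed.
    """
    before = zombie.send(attacker)        # step 1: RST to the attacker
    if port in target_open_ports:
        zombie.send(target)               # step 2: RST provoked by target's SYN/ACK
    after = zombie.send(attacker)         # step 3: RST to the attacker
    delta = (after - before) & MASK16     # 16-bit wraparound-safe difference
    verdict = {2: "open", 1: "closed"}.get(delta, "unknown")
    return delta, verdict


def idle_scan(zombie, target_open_ports, ports):
    """Scan several ports through one zombie; returns {port: verdict}."""
    return {p: idle_scan_port(zombie, target_open_ports, p)[1] for p in ports}


if __name__ == "__main__":
    truth = {22, 80}                      # constructed: the target's real open ports
    ports = [22, 25, 80, 443]
    print("global counter :", idle_scan(GlobalCounterZombie(), truth, ports))
    print("per-peer random:", idle_scan(PerPeerZombie(), truth, ports))
```

With the global counter the attacker's verdicts match the target's real state; with per-peer counters the delta the attacker sees is always 1, so every port looks closed and the zombie leaks nothing about traffic it exchanged with the target. The model ignores the DF case mentioned in the thread and any other traffic the zombie might be sending, which in a real idle scan adds noise rather than protection.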