In article <19990806123911.A1147at_private>,
Salvatore Sanfilippo -antirez- <antirezat_private> wrote:
> i think that a consecutive IP id now can be considered
> a weakness in IP stacks. [...] Here is a patch for
> linux 2.0.36 [...] 'Truly random id' [...]

Your patch isn't secure. It uses a weak pseudo-random number generator to generate id's, and an attacker can just crack the PRNG to predict what id's will be used in the future.

I think you probably want to use /dev/urandom to generate your IP id's, to prevent this attack. (Or use a variant of Bellovin's RFC 1948, adapted to generate IP id's instead of TCP ISN's.)
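The following is an added example, not part of the original post and not code from either author or from the Linux kernel. It sketches one way the RFC 1948 idea mentioned above could be adapted to IP IDs: a keyed hash of the flow gives each destination its own starting offset, and a per-flow counter keeps IDs unique for reassembly. The class name, the choice of HMAC-SHA256, and the documentation-range addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import socket
import struct
from collections import defaultdict


class KeyedIpIdGenerator:
    """Hypothetical RFC 1948-style IP ID source: keyed per-flow offset + counter."""

    def __init__(self, secret=None):
        # The secret comes from the OS CSPRNG (/dev/urandom on Linux),
        # never from a seeded general-purpose PRNG.
        self._secret = secret if secret is not None else os.urandom(32)
        self._counters = defaultdict(int)

    def _offset(self, src, dst, proto):
        # F(src, dst, proto, secret): unpredictable without the secret.
        flow = socket.inet_aton(src) + socket.inet_aton(dst) + bytes([proto])
        digest = hmac.new(self._secret, flow, hashlib.sha256).digest()
        return struct.unpack("!H", digest[:2])[0]

    def next_id(self, src, dst, proto=6):
        # IDs stay sequential inside one flow, so fragments of different
        # datagrams do not collide, but the sequence a peer observes says
        # nothing about how many packets went to other destinations.
        key = (src, dst, proto)
        ident = (self._offset(src, dst, proto) + self._counters[key]) & 0xFFFF
        self._counters[key] = (self._counters[key] + 1) & 0xFFFF
        return ident


def observe_interleaved(gen, src, watcher, other, burst):
    """Return the two IDs `watcher` sees before and after `burst` packets to `other`."""
    first = gen.next_id(src, watcher)
    for _ in range(burst):
        gen.next_id(src, other)
    second = gen.next_id(src, watcher)
    return first, second


if __name__ == "__main__":
    # Constructed sample flows using documentation address ranges.
    gen = KeyedIpIdGenerator()
    a, b = observe_interleaved(gen, "192.0.2.1", "198.51.100.7", "203.0.113.9", 5)
    print(f"watcher saw IDs {a} and {b}: gap is {(b - a) & 0xFFFF}, not 6")
```

With a single global counter the watcher would see a gap of 6 and learn that five other packets were sent; here the gap is always 1.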
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:55:46 PDT