Re: Identifying Kernel 2.4.x based Linux machines using UDP

From: Crist J. Clark (crist.clarkat_private)
Date: Tue Mar 19 2002 - 17:51:17 PST


    Yuck. Following up to my own post.
    
    I realize I wasn't clear on what "good" random numbers mean in IP ID
    fields. To most people concerned about security, it means "not
    incrementing." The problem with incrementing IP IDs of course being
    the ability to do spoofed port scans on a quiescent server. Not using
    incrementing IP IDs, using random ones when you need to and constant
    (the 0 ones you observed) ones when DF is set, prevents these kinds of
    scans.
    -- 
    Crist J. Clark                     |     cjclarkat_private
                                       |     cjclarkat_private
    http://people.freebsd.org/~cjc/    |     cjcat_private
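
Added example, not part of the original post: a small audit check for the distinction drawn above, labelling a host's IP ID behaviour as incrementing, constant, or non-incrementing, separately for replies with DF set and DF clear. The function names, the `max_step` threshold and the sample observations are assumptions constructed for illustration.

```python
# Classify how a host assigns the IPv4 Identification field, given
# (df_flag, ip_id) pairs taken from its replies in capture order.
# All sample data below is constructed, not taken from a real capture.

def wrapping_deltas(ids):
    """Differences between consecutive 16-bit IDs, modulo 65536."""
    return [(b - a) % 65536 for a, b in zip(ids, ids[1:])]

def classify_ids(ids, max_step=256):
    """Label one sequence of IP IDs.

    max_step is an assumed tolerance: a global counter may advance by more
    than 1 between samples if the host sent other packets in between.
    """
    if len(ids) < 3:
        return "insufficient-data"
    deltas = wrapping_deltas(ids)
    if all(d == 0 for d in deltas):
        return "constant-zero" if ids[0] == 0 else "constant"
    # Small positive steps, including across the 65535 -> 0 wraparound.
    if all(0 < d <= max_step for d in deltas):
        return "incrementing"
    # A handful of samples cannot prove randomness, only rule out a counter.
    return "non-incrementing"

def classify_host(observations):
    """Split by DF flag, since the post describes a different policy for each."""
    df_set = [ip_id for df, ip_id in observations if df]
    df_clear = [ip_id for df, ip_id in observations if not df]
    return {"df_set": classify_ids(df_set), "df_clear": classify_ids(df_clear)}

def predictable(report):
    """True if either packet class exposes a counter an observer can track."""
    return "incrementing" in report.values()

# Constructed sample: a global counter that wraps past 65535.
LEGACY = [(False, 65533), (False, 65534), (False, 65535), (False, 0), (False, 2)]

# Constructed sample: zero ID when DF is set, scattered IDs otherwise.
HARDENED = [(True, 0), (True, 0), (True, 0),
            (False, 41873), (False, 1207), (False, 58990), (False, 30012)]

if __name__ == "__main__":
    for name, obs in (("legacy", LEGACY), ("hardened", HARDENED)):
        report = classify_host(obs)
        print(name, report, "predictable" if predictable(report) else "ok")
```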
    



    This archive was generated by hypermail 2b30 : Wed Mar 20 2002 - 15:20:08 PST