i believe the normalizations discussed by ven paxson at USENIX Security 01 can help alleviate the threat of the IP ID scan discussed. another excellent discussion of this technique is given in [2]. the openbsd firewall package 'pf' has a scrub action that implements many of these normalizations. 1. vern's WAY cool paper. http://www.icir.org/vern/papers/norm-usenix-sec-01-html/ 2. node in the above paper on IP ID scans: http://www.icir.org/vern/papers/norm-usenix-sec-01-html/node8.html ____________________________ jose nazario joseat_private PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 PGP key ID 0xFD37F4E5 (pgp.mit.edu) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jan 09 2002 - 13:51:05 PST