Bugtraq mailing list archives
Re: Identifying Kernel 2.4.x based Linux machines using UDP
From: "Crist J. Clark" <crist.clark () attbi com>
Date: Tue, 19 Mar 2002 17:51:17 -0800
Yuck. Following up to my own post. I realize I wasn't clear on what "good" random numbers mean in IP ID fields. To most people concerned about security, it means "not incrementing." The problem with incrementing IP IDs of course being the ability to do spoofed port scans on a quiescent server. Not using incrementing IP IDs, using random ones when you need to and constant (the 0 ones you observed) ones when DF is set, prevents these kinds of scans.

--
Crist J. Clark | cjclark () alum mit edu
               | cjclark () jhu edu
http://people.freebsd.org/~cjc/ | cjc () freebsd org
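The distinction drawn in the message above (incrementing IDs versus random ones, with constant 0 when DF is set) can be checked on replies captured from a host you administer. The following is an added example, not part of the original post: the function names and the `max_step` threshold are hypothetical, and the sample headers are constructed.

```python
import struct

def ip_id_and_df(header: bytes):
    """Return (identification, DF flag) from a raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ident, flags_frag = struct.unpack("!HH", header[4:8])
    return ident, bool(flags_frag & 0x4000)   # 0x4000 is the Don't Fragment bit

def classify(headers, max_step=256):
    """Classify the IP ID policy seen in consecutive replies from one host.

    max_step is an assumed bound on how far a global counter moves between
    two samples taken from a quiet host.
    """
    fields = [ip_id_and_df(h) for h in headers]
    if len(fields) < 3:
        return "insufficient data"
    ids = [ident for ident, _ in fields]
    if all(df for _, df in fields) and all(i == 0 for i in ids):
        return "constant zero with DF set"
    if len(set(ids)) == 1:
        return "constant"
    # Differences modulo 2**16, so a counter wrapping 65535 -> 0 still counts.
    steps = [(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])]
    if all(0 < s <= max_step for s in steps):
        return "incrementing (predictable)"
    return "non-incrementing"

def make_header(ident, df):
    """Build a constructed 20-byte IPv4/UDP header (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, ident,
                       0x4000 if df else 0, 64, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

if __name__ == "__main__":
    samples = {  # constructed ID sequences, one per policy
        "DF, zero IDs": [make_header(0, True) for _ in range(4)],
        "global counter": [make_header(i, False) for i in (65534, 65535, 0, 1)],
        "random IDs": [make_header(i, False)
                       for i in (0x3A1F, 0x9C02, 0x0455, 0xE7B0)],
    }
    for name, hdrs in samples.items():
        print(f"{name}: {classify(hdrs)}")
```

A handful of samples can only show that the IDs are not incrementing, which is the property the message cares about; it says nothing about the quality of the random number source.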
Current thread:
- Identifying Kernel 2.4.x based Linux machines using UDP Ofir Arkin (Mar 19)
- Re: Identifying Kernel 2.4.x based Linux machines using UDP Crist J. Clark (Mar 20)
- Re: Identifying Kernel 2.4.x based Linux machines using UDP Crist J. Clark (Mar 20)
- Re: Identifying Kernel 2.4.x based Linux machines using UDP Charles-Edouard Ruault (Mar 20)
- Re: Identifying Kernel 2.4.x based Linux machines using UDP Fyodor (Mar 25)
- <Possible follow-ups>
- RE: Identifying Kernel 2.4.x based Linux machines using UDP Fletcher, Stephen J (Mar 20)