List: netbsd-tech-net
Subject: Re: random ip_id must be configurable
From: "Darren Reed" <darrenr () NetBSD ! org>
Date: 2003-10-07 6:48:49
> On Fri, Sep 12, 2003 at 11:04:36PM -0000, Darren Reed wrote:
> > > I got a couple of references on ip_id/DNS id attacks:
> > >
> > > smb's paper on counting hosts behind NAT using ip_id. If you use
> > > non-random ip_id, number of hosts behind NAT will be revealed.
> >
> > Yes. And so what? This change (generating pseudo-random ones for NetBSD)
> > does nothing to address the problem for NAT unless it is a NetBSD box that
> > is being NAT'd. IPFilter 4.0 provides an adequate knob (unlike pf) that
> > resolves this.
>
> Huh?
> We have had a knob for that in pf for at least 6 months.
Yup.
> Am I missing something or are you?
How would I know what you're missing? I do know I'm not in this instance.