Source-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CVS commit: src/sys/netinet



In message <20030911015148.GA7118%multics.mit.edu@localhost>, John Hawkinson 
writes:
>Steven M. Bellovin <smb%research.att.com@localhost> wrote on Tue,  9 Sep 2003
>at 07:40:55 -0400 in 
><20030909114055.1D4007B44%berkshire.research.att.com@localhost>:
>
>> >Without wanting to advocate change for the sake of change, how much
>> >sense does it make to go a step further and use a constant value in
>> >the ID field (say 0?) for all "do not fragment" packets ?
>> 
>> It makes a lot of sense, though it gives away some fingerprinting info. 
>> In fact, I believe that some Linux distributions already do just that.
>> (At least one brand of router uses 0 for link-local OSPF packets, which 
>> it knows can't be fragmented, and a counter for TCP.)
>
>I'm curious if it really buys us very much. Having consistently
>increasing ip IDs (and even different IP IDs) can be a valuable
>debugging tool.

It blocks some stealth scanning techniques, and defeats my "count the 
hosts behind a NAT" technique.  I believe that the latest ipf does the
latter when it's acting as a NAT, but it doesn't help machines that are 
behind commercial NATs.


                --Steve Bellovin, http://www.research.att.com/~smb





Home | Main Index | Thread Index | Old Index