tech-net: Re: random ip_id must be configurable

Subject: Re: random ip_id must be configurable
To: None <tech-net@NetBSD.org>
From: Jun-ichiro itojun Hagino <itojun@itojun.org>
List: tech-net
Date: 09/13/2003 06:33:43

	i got a couple of references on ip_id/DNS id attacks:

	smb's paper on counting hosts behind NAT using ip_id.  if you use
	non-random ip_id, number of hosts behind NAT will be revealed.

	There is a tool that exploits sequential DNS ids blindly at:
	http://www.packetfactory.net/Projects/zodiac/

	note also freebsd and Solaris do randomize ip_id.
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_output.c.diff?r1=1.188&r2=1.189

itojun