Subject: Re: kernel ip_randomid() and libc randomid(3) still "broken"
To: None <kre@munnari.OZ.AU>
From: Jun-ichiro itojun Hagino <itojun@itojun.org>
List: tech-net
Date: 11/27/2003 02:59:28
> | so we can either:
> | - stop skipping random number of ids (n=0)
> | - reduce numbers on the manpage to 1/3
> | and then we are happy.
>
> The problem with all of this is that in order to make it a bit more
> difficult to suffer from a (fairly unlikely) DoS type attack, you're
> proposing breaking IP.
i don't. you are asserting the old (and probably obsolete) meaning of
TTL all the time. nowadays the TTL field really means "hoplimit" (if
there's any device that interprets the TTL field as "seconds", please show
me). so i think your assertion and logic based on TTL = seconds no
longer holds, and the # of packets that can be sent between ID
recycling is no longer a concern.
based on that, i think it is okay for the IP fragment ID field to cycle
more frequently than traditional 4.4BSD, i.e. more frequently than
every 64K packets. we use the "more frequent recycle" chance to make
fragment ID guessing-based attacks harder; that's the point of
ip_randomid().
itojun
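As an added illustration of the trade-off argued above (example code, not from the thread and not NetBSD's or KAME's ip_randomid()): a constructed toy model compares a sequential ip_id counter with a generator that skips a random number of IDs per packet, measuring how often the next ID is guessable and how soon an ID is reused. The permutation-based generator is an assumption standing in for ip_randomid(), not its real algorithm.

```python
# Constructed toy model, not the real ip_randomid(): compares a sequential
# 16-bit ip_id counter with a generator that walks a random permutation of
# the ID space and skips a random number of IDs before each packet.
import random

ID_SPACE = 1 << 16  # 16-bit IP identification field


def sequential_ids(n, start=0):
    """Traditional 4.4BSD behaviour: ip_id increments by one per packet."""
    return [(start + i) % ID_SPACE for i in range(n)]


def permuted_ids(n, max_skip=3, seed=1):
    """Toy random-ID generator (an assumption, not the kernel's algorithm):
    emit IDs from a shuffled permutation, skipping 0..max_skip entries before
    each one, and reshuffle once the permutation is exhausted."""
    rng = random.Random(seed)
    out, perm, pos = [], [], 0
    while len(out) < n:
        pos += rng.randint(0, max_skip)
        if pos >= len(perm):            # exhausted: start a fresh permutation
            perm = list(range(ID_SPACE))
            rng.shuffle(perm)
            pos = 0
        out.append(perm[pos])
        pos += 1
    return out


def reuse_distances(ids):
    """Packets elapsed between two uses of the same ID; a short distance is
    the window in which a stale fragment could be mis-reassembled."""
    last, dists = {}, []
    for i, x in enumerate(ids):
        if x in last:
            dists.append(i - last[x])
        last[x] = i
    return dists


def fraction_reused_within(ids, window):
    """Share of reuses that occur within `window` packets of the previous use."""
    dists = reuse_distances(ids)
    return sum(1 for d in dists if d <= window) / len(dists) if dists else 0.0


def next_id_guess_rate(ids):
    """Fraction of IDs an observer predicts by assuming 'previous + 1', i.e.
    how much the generator gives away to fragment-ID guessing."""
    hits = sum(1 for a, b in zip(ids, ids[1:]) if b == (a + 1) % ID_SPACE)
    return hits / (len(ids) - 1)


if __name__ == "__main__":
    n = 200_000
    for name, ids in (("sequential", sequential_ids(n)), ("randomized", permuted_ids(n))):
        d = reuse_distances(ids)
        print(f"{name:10s} guess rate {next_id_guess_rate(ids):.4f}  min reuse {min(d):6d}"
              f"  reused within 16K packets: {fraction_reused_within(ids, 16384):.3f}")
```

The sequential counter is fully predictable but never reuses an ID inside 64K packets; the randomized one is unguessable but some IDs recur much sooner, which is exactly the recycle-frequency cost the thread is weighing.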