On Mon, 2003-07-07 at 08:37, Kohei OHTA wrote:
> I found a strange packet, which is generated by ping of Linux.
> It is observed that the ID field of the IP header in the ping packet (Echo request) is always
> 0.
>
> I confirmed this on kernel 2.4.18 and 2.4.21.
> My colleague also confirmed this is fixed in kernel 2.5.74.
>
> I hope this is fixed in the next 2.4.x release.

Hi, Kohei,

I guess this behaviour is to prevent idle scanning, which is based on
predictable IPID numbers [1]. Therefore, the Linux TCP/IP stack uses 0
as IPID when the DF (Don't Fragment) bit is set. I'm not sure, but I
think that Linux also uses peer-specific IPID numbers to make the
prediction harder.

-- Ulisses

[1] http://www.insecure.org/nmap/idlescan.html
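
An added example, not part of either message: a small Python check that reads the ID field and DF bit from raw IPv4 headers and labels each packet, so a capture can be compared with the behaviour the reply describes (ID 0 when DF is set). The sample headers, the addresses and the label names are constructed for illustration.

```python
import socket
import struct
from collections import Counter

DF, MF, OFFSET_MASK = 0x4000, 0x2000, 0x1FFF  # bits of the flags/fragment-offset word

def parse_ipv4(header):
    """Return ID, DF and fragment status from a raw IPv4 header."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, ident, frag, _, proto, _ = struct.unpack("!BBHHHBBH", header[:12])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    return {
        "id": ident,
        "df": bool(frag & DF),
        "fragment": bool(frag & MF) or (frag & OFFSET_MASK) != 0,
        "proto": proto,
    }

def classify(header):
    """Label a packet by how its ID field relates to the DF bit."""
    p = parse_ipv4(header)
    if p["df"] and not p["fragment"]:
        # Cannot be fragmented, so the ID is never needed for reassembly.
        return "df-zero-id" if p["id"] == 0 else "df-nonzero-id"
    # Fragmentable (or already a fragment): the ID is needed for reassembly.
    return "frag-zero-id" if p["id"] == 0 else "frag-nonzero-id"

def build_header(ident, flags_frag, proto=1):
    """Constructed sample header (checksum left 0, documentation addresses)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 84, ident, flags_frag, 64, proto, 0,
                       socket.inet_aton("192.0.2.1"), socket.inet_aton("192.0.2.2"))

SAMPLES = [  # constructed, not captured traffic
    build_header(0, DF),       # ICMP echo request with DF set and ID 0
    build_header(0, DF),
    build_header(0x1A2B, 0),   # DF clear, ID present
    build_header(0x1A2B, MF),  # first fragment of a datagram
    build_header(0, 0),        # DF clear but ID 0
]

def summarize(headers):
    """Count packets per label."""
    return Counter(classify(h) for h in headers)

if __name__ == "__main__":
    for label, n in sorted(summarize(SAMPLES).items()):
        print(f"{label}: {n}")
```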