netdev

Re: IP-ID field of ICMP echo request

To: Ulisses <ra993482@xxxxxxxxxxxxx>
Subject: Re: IP-ID field of ICMP echo request
From: Kohei OHTA <kohei@xxxxxxxxxx>
Date: Tue, 08 Jul 2003 10:59:00 +0900
Cc: netdev@xxxxxxxxxxx
In-reply-to: <1057603237.1001.18.camel@ryback>
References: <3F095B7B.5090203@xxxxxxxxxx> <1057603237.1001.18.camel@ryback>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

Ulisses,

Thanks for your helpful information. I understood the reason.

The article you pointed to says
"Linux 2.4 also uses peer-specific IPID values (see net/ipv4/inetpeer.c)."

That is great.

Kohei.

>>I found a strange packet, which is generated by ping of Linux.
>>It is observed that the ID field of the IP header in the ping packet
>>(Echo request) is always 0.
>>
>>I confirmed this on kernel 2.4.18 and 2.4.21.
>>My colleague also confirmed this is fixed in kernel 2.5.74.
>>
>>I hope this is fixed in next next 2.4.x release.
> 
> Hi, Kohei,
> 
>       I guess this behaviour is to prevent Idle scanning, that is based on
> predictable IPID numbers [1]. Therefore, the Linux TCP/IP stack uses 0
> as IPID when the DF (Don't Fragment) bit is set. I'm not sure, but I
> think that Linux also uses peer-specific IPID numbers to make the
> prediction harder.
> 
> -- Ulisses
> 
> [1] http://www.insecure.org/nmap/idlescan.html
> 
> 
> 
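
An added example, not part of the thread or of the kernel source: a Python check that parses IPv4 headers and reports whether a captured echo request shows the "ID 0 with DF set" pattern discussed above. The sample headers, the 192.0.2.x addresses and all helper names are constructed for the illustration.

```python
import struct
from socket import inet_aton

FMT = "!BBHHHBBH4s4s"          # fixed 20-byte IPv4 header, no options
DF, MF, OFFSET = 0x4000, 0x2000, 0x1FFF

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an even-length byte string."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def make_header(ident: int, flags_frag: int) -> bytes:
    """Constructed sample: header of an 84-byte ICMP packet (protocol 1)."""
    fields = [0x45, 0, 84, ident, flags_frag, 64, 1, 0,
              inet_aton("192.0.2.1"), inet_aton("192.0.2.2")]
    fields[7] = checksum(struct.pack(FMT, *fields))
    return struct.pack(FMT, *fields)

def parse_header(raw: bytes) -> dict:
    """Validate the header and return the fields the thread talks about."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, ident, flags_frag, _, proto, _, _, _ = struct.unpack(FMT, raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a complete IPv4 header")
    if checksum(raw[:ihl]) != 0:      # a valid header sums to zero
        raise ValueError("bad header checksum")
    return {"id": ident, "proto": proto, "df": bool(flags_frag & DF),
            "fragment": bool(flags_frag & MF) or (flags_frag & OFFSET) != 0}

def classify(raw: bytes) -> str:
    """Label a packet by how its ID field relates to fragmentation."""
    h = parse_header(raw)
    if h["fragment"]:
        return "fragment"             # ID is in use for reassembly
    if not h["df"]:
        return "df-clear"             # may be fragmented later, ID must be usable
    # DF set and not a fragment: the ID is never needed for reassembly
    return "df-set-id-zero" if h["id"] == 0 else "df-set-id-nonzero"

if __name__ == "__main__":
    for ident, flags in [(0, DF), (0x1A2B, DF), (0x1A2B, 0), (7, MF)]:
        print(f"id={ident:#06x} flags={flags:#06x} -> {classify(make_header(ident, flags))}")
```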


