Re: non-random IP IDs

From: David S. Miller (davem@redhat.com)
Date: Thu Jan 25 2001 - 16:02:22 EST


Alexandre Hautequest writes:
> I was playing a bit on some of my machines with Nessus (www.nessus.org), and it
> told me the following text:
>

Nessus is saying something bogus to you.

> Is there some option to dynamically enable these random IP IDs, or do I need to
> change something and recompile, or just "No way!"?

IP IDs only matter when packets can be fragmented. If the packet
cannot be fragmented, the IP ID field serves no purpose. Whatever the
Nessus thing did to test this, it used an IP packet to/from the Linux
box which had the "Don't Fragment" bit set in the IP header, which as
a consequence means the ID field is meaningless.

If the "don't fragment" bit were not set, and fragmentation was
possible, Linux will use a randomized ID field. The Nessus folks
need to fix their test.

Later,
David S. Miller
davem@redhat.com
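
The distinction drawn in the reply above, as an added example that is not part of the original message, of Nessus, or of the kernel: a scanner-side check that judges IP ID predictability only over packets whose "Don't Fragment" bit is clear. The function names, the max_step threshold and the sample headers are assumptions constructed for illustration.

```python
import struct

DF = 0x4000  # "Don't Fragment" bit in the 16-bit flags/fragment-offset field

def build_header(ip_id, df):
    """Build a constructed 20-byte IPv4 header (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ip_id, DF if df else 0,
                       64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

def parse_id_and_df(header):
    """Return (ip_id, df_set) from raw IPv4 header bytes."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ip_id, flags_frag = struct.unpack("!HH", header[4:8])
    return ip_id, bool(flags_frag & DF)

def assess_ip_ids(headers, max_step=16):
    """Classify ID predictability using only packets that may be fragmented."""
    ids = [ip_id for ip_id, df in map(parse_id_and_df, headers) if not df]
    if len(ids) < 3:
        # DF set (almost) everywhere: the ID is never used for reassembly,
        # so no conclusion about ID generation can be drawn from this sample.
        return "not-applicable"
    # Difference between consecutive IDs, allowing for 16-bit wrap-around.
    steps = [(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])]
    if all(0 < s <= max_step for s in steps):
        return "sequential"
    return "non-sequential"

# Constructed samples (not captured traffic).
DF_ONLY = [build_header(i, True) for i in (100, 101, 102, 103)]
SEQ_NO_DF = [build_header(i, False) for i in (0xFFFE, 0xFFFF, 0x0000, 0x0001)]
RAND_NO_DF = [build_header(i, False) for i in (0x1A2B, 0x9C01, 0x0344, 0xE7F0)]
MIXED = DF_ONLY + RAND_NO_DF

if __name__ == "__main__":
    for name, sample in (("DF only", DF_ONLY), ("sequential, DF clear", SEQ_NO_DF),
                         ("random, DF clear", RAND_NO_DF), ("mixed", MIXED)):
        print(f"{name}: {assess_ip_ids(sample)}")
```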
