[PATCH] Re: predictable IP ID

Savochkin Andrey Vladimirovich (saw@msu.ru)
Sat, 25 Sep 1999 22:54:50 +0400


Well, I've finished a reference implementation of IP ID generation on a true
per-destination basis.
ftp://ftp.nc.orc.ru/pub/Linux/people/saw/kernel/ipid.2

The patch introduces a new storage of persistent per-destination information
referenced from the route cache. Initial IP ID is generated randomly for
each destination and then is increased by 1 with outgoing each packet.
The construction makes IP ID using between two hosts totally unpredictable
for attackers not being able to sniff the traffic between these hosts.

The patch has two unsolved problems:
- IDs for raw ip packets;
- possible DoS attacks by filling the cache and blocking new node creation
(thus blocking communications with new legal peers).
The #2 is a problem hard to avoid in this model.

Opinions?

Best wishes
Andrey V.
Savochkin

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/