Reducing ip_id information leakage
"." at babolo.ru
"." at babolo.ru
Wed Apr 30 15:20:38 PDT 2003
> <<On Wed, 30 Apr 2003 16:35:24 -0500 (CDT), Mike Silbersack <silby at silby.com> said:
>
> > I think that even a trivial pseudo-random sequence would be good to
> > implement. With the standard ip_id++ sequence, you can precisely monitor
> > the number of packets sent and also determine if two IPs are shared by the
> > machine without any work.
>
> See Bellovin's paper for how to do it for any fixed increment without
> much work.
>
> The trouble is that we need sequences that are guaranteed not to
> repeat too fast -- and even then we'll still break on modern networks
> anyway, as I noted in my comment.
Why not to use 16 bit of 32 bit pseudorandom generator?
> Solaris apparently goes out of its way to create a different ip_id
> sequence for every combination of <s,d,protocol> (which is allowed),
> but this still doesn't buy you much if your system is capable of
> performing NFSv2 transactions at 100 Mbit/s.
>
> > I have this nagging feeling that taking most TCP sessions out of the
> > equation makes the obfuscation of the remaining ip_id'd packets more
> > important, but I can't figure out why exactly.
>
> I feel rather the opposite.
>
> > Do we set the DF flag on most UDP and ICMP packets?
>
> ping(8) can set it, but the kernel is not able to do so, since it
> can't predict the MTU in advance of sending the ICMP.
More information about the freebsd-net
mailing list