All of lore.kernel.org
 help / color / mirror / Atom feed
From: Kohei OHTA <kohei@cysols.com>
To: Ulisses <ra993482@ic.unicamp.br>
Cc: netdev@oss.sgi.com
Subject: Re: IP-ID field of ICMP echo request
Date: Tue, 08 Jul 2003 10:59:00 +0900	[thread overview]
Message-ID: <3F0A2564.6030003@cysols.com> (raw)
In-Reply-To: <1057603237.1001.18.camel@ryback>

Ulisses,

Thanks for your helpful information. I understood the reason.

The article pointed by you says
"Linux 2.4 also uses peer-specific IPID values (see net/ipv4/inetpeer.c)."

That is great.

Kohei.

>>I found a strange packet, which is generated by ping of Linux.
>>It is observed ID field of IP header in ping packet (Echo request) is always 0.
>>
>>I confirmed this on kernel 2.4.18 and 2.4.21.
>>My colleague also confirmed this is fixed in kernel 2.5.74.
>>
>>I hope this is fixed in next next 2.4.x release.
> 
> Hi, Kohei,
> 
> 	I guess this behaviour is to prevent Idle scanning, that is based on
> predictable IPID numbers [1]. Therefore, the Linux TCP/IP stack uses 0
> as IPID when the DF (Don't Fragment) bit is set. I'm not sure, but I
> think that Linux also uses peer-specific IPID numbers to make the
> prediction harder.
> 
> -- Ulisses
> 
> [1] http://www.insecure.org/nmap/idlescan.html
> 
> 
> 

      reply	other threads:[~2003-07-08  1:59 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-07-07 11:37 IP-ID field of ICMP echo request Kohei OHTA
2003-07-07 12:29 ` Maciej Soltysiak
2003-07-07 12:39   ` YOSHIFUJI Hideaki / 吉藤英明
2003-07-07 12:48     ` Maciej Soltysiak
2003-07-07 13:11       ` YOSHIFUJI Hideaki / 吉藤英明
2003-07-07 18:40 ` Ulisses
2003-07-08  1:59   ` Kohei OHTA [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3F0A2564.6030003@cysols.com \
    --to=kohei@cysols.com \
    --cc=netdev@oss.sgi.com \
    --cc=ra993482@ic.unicamp.br \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.