On Thu, Apr 12, 2001 at 12:40:32AM -0500, Mike Silbersack wrote:
> Each IP packet sent has with it a 16-bit ID. The numbers must remain
> unique over a short period of time so fragmentation can work properly. As
> such, everything except recent OpenBSDs simply increments the id by 1 for
> each packet sent out.
>
> As a result, you can tell the number of packets sent on an idle host by
> seeing the difference in id numbers for the packets it sends back to you.
> It's not really that important of an issue, don't worry about it.
Here's a patch ported from OpenBSD which randomizes this (supposedly
such that it respects the constraint of not wrapping within the
prescribed time period). I should wrap it in a sysctl, I guess.
http://www.freebsd.org/~kris/ipid.patch
Comments?
Kris
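An added example, not part of the original mail or the linked patch: a small C model of the two behaviours discussed above, showing that a global counter hands a remote peer the exact number of packets sent in between, while a randomized allocator does not, yet still avoids reusing an id within a window. All names, the `WINDOW` size and the xorshift generator are assumptions made for illustration; this is not the OpenBSD algorithm.

```c
#include <stdint.h>
#include <string.h>

#define WINDOW 4096u  /* assumed: an id may not recur within the last WINDOW packets */

struct ipid {
    int      randomize;        /* 0 = global counter, 1 = randomized allocator */
    uint16_t counter;
    uint32_t prng;             /* xorshift32 state; stand-in for a kernel CSPRNG */
    uint16_t recent[WINDOW];   /* ring of the last WINDOW ids issued */
    uint8_t  busy[65536 / 8];  /* bitmap of ids currently held in the ring */
    uint32_t head, used;
};

static void ipid_init(struct ipid *s, int randomize, uint32_t seed) {
    memset(s, 0, sizeof(*s));
    s->randomize = randomize;
    s->prng = seed ? seed : 1;              /* xorshift state must be non-zero */
}

static uint16_t ipid_next(struct ipid *s) {
    uint16_t id;
    if (!s->randomize)
        return s->counter++;                /* behaviour described in the quoted mail */
    do {                                    /* redraw until the id is outside the window */
        s->prng ^= s->prng << 13; s->prng ^= s->prng >> 17; s->prng ^= s->prng << 5;
        id = (uint16_t)(s->prng >> 8);
    } while (s->busy[id >> 3] & (1u << (id & 7)));
    if (s->used == WINDOW)                  /* retire the oldest id in the ring */
        s->busy[s->recent[s->head] >> 3] &= (uint8_t)~(1u << (s->recent[s->head] & 7));
    else
        s->used++;
    s->recent[s->head] = id;
    s->head = (s->head + 1) % WINDOW;
    s->busy[id >> 3] |= (uint8_t)(1u << (id & 7));
    return id;
}

/* What a remote peer computes from two replies with `hidden` packets sent in between. */
static uint16_t peer_estimate(struct ipid *s, unsigned hidden) {
    uint16_t first = ipid_next(s);
    while (hidden--) (void)ipid_next(s);
    return (uint16_t)(ipid_next(s) - first - 1);
}

/* Returns 1 if no id recurred within WINDOW packets over n allocations. */
static int no_reuse_in_window(struct ipid *s, uint32_t n) {
    static uint32_t last[65536];            /* index of the packet that last used each id */
    memset(last, 0, sizeof(last));
    for (uint32_t i = 1; i <= n; i++) {
        uint16_t id = ipid_next(s);
        if (last[id] && i - last[id] <= WINDOW) return 0;
        last[id] = i;
    }
    return 1;
}
```

The window here is counted in packets rather than time, so a real implementation would have to size it against the host's peak send rate and the fragment reassembly timeout.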