Re: non-random IP IDs

[Niels Provos]

In message <[EMAIL PROTECTED]>, Kris Kennaway writes:
>Presumably there was some reasoning there.  Niels, can you shed any
>light?
No reasoning.  You do not need the htons().  The fragment ids just
need to be unique.  An htons() does not change that property.  I dont
like that code very much.  A variable-block-size cipher in counter
mode would do the job better.

However, what many ppl do not realize is that you can use predictable
ip ids to anonymously port scan machines.  Bugtraq talks about how to
do that.

Niels.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message