On Mon, Apr 16, 2001 at 06:57:04PM -0700, Matt Dillon wrote:
>
> :No reasoning. You do not need the htons(). The fragment ids just
> :need to be unique. An htons() does not change that property. I don't
> :like that code very much. A variable-block-size cipher in counter
> :mode would do the job better.
> :
> :However, what many people do not realize is that you can use predictable
> :IP IDs to anonymously port scan machines. Bugtraq talks about how to
> :do that.
> :
> :Niels.
>
> It's not worth doing. We would be introducing unnecessary CPU burn on
> every single packet we sent out, all to solve a problem that doesn't
> really exist.
Well, that's why it's a sysctl defaulting to off in my patch. Don't
turn it on if you don't want to.
Kris
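The anonymous scan Niels alludes to is the IP ID "idle scan" posted to Bugtraq by Antirez in 1998: every packet a host sends consumes one IP ID, so an attacker who can read a sequential ID off a quiet "zombie" host learns whether the zombie sent a packet while a spoofed SYN was in flight. The simulation below is an added example and is not code from this thread or from FreeBSD. It models the packet flows as method calls (no sockets), uses constructed hosts and ports, and stands in for the counter-mode cipher Niels mentions with a secretly shuffled permutation of the 16-bit ID space, which is an assumption of the example rather than the scheme anyone in the thread implemented.

```python
"""Simulation of an IP-ID idle scan against a zombie host.

Every packet a host sends consumes one IP ID. With a global sequential
counter, an attacker who can read the zombie's IDs learns how many packets
the zombie sent while the attacker was not looking; that is what the idle
scan exploits. With unique-but-unpredictable IDs the same probe learns
nothing. Packet flows are modelled as method calls, no sockets are used,
and every host, port and generator below is constructed for this example.
"""

import random


class SequentialIdGenerator:
    """Global 16-bit counter: the predictable scheme under discussion."""

    def __init__(self, start=0):
        self.counter = start & 0xFFFF

    def next_id(self):
        self.counter = (self.counter + 1) & 0xFFFF
        return self.counter


class PermutedIdGenerator:
    """Unique but unpredictable IDs: walk a secretly shuffled permutation of
    the 16-bit ID space. This is the example's stand-in (an assumption, not
    the thread's code) for a keyed cipher in counter mode: IDs stay unique
    within one pass over the space, but the difference between two observed
    IDs says nothing about how many packets were sent in between."""

    def __init__(self, seed=None):
        # seed=None draws the permutation from the OS CSPRNG; a fixed seed
        # gives a reproducible run for demonstration purposes only.
        rng = random.SystemRandom() if seed is None else random.Random(seed)
        self.perm = list(range(0x10000))
        rng.shuffle(self.perm)
        self.pos = 0

    def next_id(self):
        value = self.perm[self.pos]
        self.pos = (self.pos + 1) & 0xFFFF
        return value


class Host:
    def __init__(self, name, idgen, open_ports=(), filtered_ports=()):
        self.name = name
        self.idgen = idgen
        self.open_ports = set(open_ports)
        self.filtered_ports = set(filtered_ports)

    def send(self, dst):
        """Emit one packet to dst; returns the IP ID stamped on it."""
        return self.idgen.next_id()

    def deliver_syn(self, src, port):
        """Target side: a SYN arrives whose source address is host `src`."""
        if port in self.filtered_ports:
            return                        # dropped: nothing reaches the zombie
        self.send(src.name)               # SYN/ACK if open, RST if closed
        if port in self.open_ports:
            src.deliver_unsolicited_synack(self)
        # an unsolicited RST is ignored by src, so it costs src no IP ID

    def deliver_unsolicited_synack(self, peer):
        """Zombie side: an unexpected SYN/ACK is answered with RST (spends an ID)."""
        self.send(peer.name)


def probe_zombie(zombie, attacker):
    """Attacker sends SYN/ACK to the zombie; the zombie answers with RST and
    the attacker reads the IP ID off that RST."""
    return zombie.send(attacker)


def idle_scan(attacker, zombie, target, port):
    """Classify one target port using only the zombie's IP ID behaviour.
    The attacker never sends the target a packet from its own address."""
    before = probe_zombie(zombie, attacker)
    target.deliver_syn(zombie, port)      # SYN spoofed with the zombie's address
    after = probe_zombie(zombie, attacker)
    delta = (after - before) & 0xFFFF     # 16-bit wrap-around is harmless
    if delta == 2:
        return "open"                     # zombie sent a RST in between
    if delta == 1:
        return "closed|filtered"          # zombie sent nothing in between
    return "unknown"                      # zombie not idle, or IDs unpredictable


def scan_ports(zombie_idgen, ports, open_ports=(22, 80), filtered_ports=(25,)):
    """Run the scan against a constructed target using the given zombie ID scheme."""
    zombie = Host("zombie", zombie_idgen)
    target = Host("target", SequentialIdGenerator(), open_ports, filtered_ports)
    return {p: idle_scan("attacker", zombie, target, p) for p in ports}


if __name__ == "__main__":
    print("sequential zombie:", scan_ports(SequentialIdGenerator(1000), [22, 23, 25, 80]))
    print("permuted zombie:  ", scan_ports(PermutedIdGenerator(), [22, 23, 25, 80]))
```

With the sequential zombie the scan classifies 22 and 80 as open and 23 and 25 as closed or filtered; with the permuted zombie every port comes back "unknown", because consecutive IDs differ by an arbitrary amount. The same "unknown" result appears when the zombie is not actually idle, which is why the attack needs a quiet host. The table-walk here costs 64K entries of state per generator, whereas a cipher in counter mode spends one block encryption per packet sent; that per-packet cost is exactly the trade-off the thread is arguing about, and a sysctl that defaults to off leaves the choice to the administrator.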