> I'm talking about sampling the IP ID value you get in return from a PING
> response. A firewall typically has multiple ports. If pinging the
> gateway from any of these ports causes an increment of a shared IP ID
> value, then anyone that can ping the common firewall will see the IP ID
> updates the other parties are doing.
>
> --HPS
Hello,

I know this is not exactly the "attack" you described (RX/TX communication using IP ID), but our random implementation of IP ID does not completely prevent somebody from guessing the traffic made by the gateway. By default we use a parameter (N=8192) in order not to reuse a given amount of previously used IP IDs. If you ping the gateway and if there is no traffic, you are sure not to get the N previously received IP IDs. This is a kind of hint of the load of the gateway.

Emeric
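To make the property Emeric describes concrete, here is an added, constructed model of a "random IP ID that avoids the last N emitted values" generator (this is illustration code written for this thread, not FreeBSD's own ip_id implementation; the class and function names, the 16-bit range and the seed are assumptions). It shows the guarantee that an ID is never reused within N emissions, which is exactly why an idle-gateway observer can rule out the previous N values:

```python
import random
from collections import deque


class RandomIpId:
    """Constructed model: random 16-bit IP ID, never reusing the last `window` IDs."""

    def __init__(self, window=8192, seed=None):
        self.window = window          # N from the thread; 8192 is the default mentioned
        self.recent = deque()         # last `window` IDs in emission order
        self.in_use = set()           # same IDs, for O(1) membership tests
        self.rng = random.Random(seed)

    def next_id(self):
        # Rejection-sample until the candidate is outside the exclusion window.
        # ID 0 is skipped here as a constructed choice, not a protocol rule.
        while True:
            candidate = self.rng.randrange(1, 65536)
            if candidate not in self.in_use:
                break
        # Slide the window: forget the oldest ID once `window` entries are held.
        if len(self.recent) == self.window:
            self.in_use.discard(self.recent.popleft())
        self.recent.append(candidate)
        self.in_use.add(candidate)
        return candidate


def min_reuse_distance(ids):
    """Smallest number of emissions between two uses of the same ID (None if no repeat)."""
    last_seen = {}
    best = None
    for i, v in enumerate(ids):
        if v in last_seen:
            gap = i - last_seen[v]
            best = gap if best is None else min(best, gap)
        last_seen[v] = i
    return best


def emit(count, window=8192, seed=1):
    gen = RandomIpId(window=window, seed=seed)
    return [gen.next_id() for _ in range(count)]


if __name__ == "__main__":
    ids = emit(20000)
    # Every repeat is at least window+1 emissions apart: the last N IDs are never reused.
    print("min reuse distance:", min_reuse_distance(ids))
```

Lowering `window` makes repeats appear sooner, which is the trade-off the N parameter controls.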