http://readlist.com/lists/securityfocus.com/bugtraq/4/22004.html

"As you may appreciate, this enables DNS cache poisoning for OpenBSD
much like my earlier attacks on BIND 9, BIND 8 and Microsoft
Windows DNS server."

"Interestingly enough, OpenBSD uses a flavor of this PRNG for
another field, this time the IP fragmentation ID, part of the
OpenBSD kernel network stack. The analysis carries out quite
similarly to show that OpenBSD's IP ID is predictable as well,
which gives way to O/S fingerprinting, idle-scanning, host alias
detection, traffic analysis, and in some cases, even to TCP blind
data injection."

"FreeBSD, NetBSD and DragonFlyBSD committed a fix to their
respective source code trees. OpenBSD decided not to fix, and
Apple refused to provide any schedule for such fix."
As well as ([5], by the OpenBSD project coordinator):
"We had gone through great efforts with the CORE guys (who did the math
side of our non-repeating random number generator) to make sure that
attacks of that kind [predicting DNS transaction ID] would not be feasable
[sic]."

On December 18th, 2007, OpenBSD's coordinator stated, in an email, that
"[OpenBSD is] completely uninterested in the problem and that [the] problem
[...] is completely irrelevant in the real world. This is in direct contrast to
statements and opinions made by the OpenBSD team recently, e.g. [4], [5] and
[26]."
The full paper is available at the following URL:
http://www.trusteer.com/docs/dnsopenbsd.html
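As an added illustration (not part of the original post, nor code from the paper or from OpenBSD), the following Python script shows the kind of check a resolver operator can run over a sample of observed DNS transaction IDs or IP fragmentation IDs. It measures what the quoted exchange turns on: a generator can be "non-repeating" (every ID in the sample is distinct) while the differences between consecutive IDs carry almost no entropy, which is the property an attacker exploits. Both sample sequences are constructed here; the additive generator is a stand-in for "unique but regular" output, not a model of OpenBSD's actual PRNG, and the thresholds in `looks_weak` are assumptions chosen for this example.

```python
import math
import random
from collections import Counter


def shannon_entropy_bits(values):
    """Empirical Shannon entropy (bits) of the observed value distribution."""
    n = len(values)
    counts = Counter(values)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def txid_quality(ids, width_bits=16):
    """Summarize how random a sequence of 16-bit IDs looks.

    ids: list of ints in [0, 2**width_bits), in the order they were observed.
    Returns a dict of metrics; 'top_delta_share' is the fraction of
    consecutive differences equal to the single most common difference.
    """
    n = len(ids)
    if n < 2:
        raise ValueError("need at least two IDs")
    modulus = 1 << width_bits
    # Differences between consecutive IDs, reduced modulo the field width.
    deltas = [(ids[i + 1] - ids[i]) % modulus for i in range(n - 1)]
    _, top_delta_count = Counter(deltas).most_common(1)[0]
    return {
        "count": n,
        "unique_fraction": len(set(ids)) / n,          # 1.0 == "non-repeating"
        "value_entropy_bits": shannon_entropy_bits(ids),
        "delta_entropy_bits": shannon_entropy_bits(deltas),
        "top_delta_share": top_delta_count / (n - 1),
    }


def looks_weak(metrics, max_top_delta_share=0.05, min_delta_entropy=8.0):
    """Flag a sample whose consecutive differences are too regular.

    Thresholds are assumptions for this example: with ~2000 samples of a
    well-distributed 16-bit source, the most common difference should account
    for well under 5% of deltas and the delta entropy should be close to
    log2(sample size).
    """
    return (metrics["top_delta_share"] > max_top_delta_share
            or metrics["delta_entropy_bits"] < min_delta_entropy)


# --- Constructed sample data (hypothetical; not captured from any system) ---

def weak_sequence(n, seed=12345, step=7919):
    """Additive generator: IDs never repeat before wrap-around, yet every
    consecutive difference is the same constant. Stand-in for 'unique but
    predictable' output."""
    out, x = [], seed
    for _ in range(n):
        out.append(x)
        x = (x + step) % 65536
    return out


def strong_sequence(n, seed=1):
    """Seeded PRNG output used as a 'well-distributed' reference sample."""
    rng = random.Random(seed)
    return [rng.getrandbits(16) for _ in range(n)]


if __name__ == "__main__":
    for name, seq in (("weak", weak_sequence(2000)), ("strong", strong_sequence(2000))):
        m = txid_quality(seq)
        print(f"{name:6s} unique={m['unique_fraction']:.3f} "
              f"H(values)={m['value_entropy_bits']:.2f} "
              f"H(deltas)={m['delta_entropy_bits']:.2f} "
              f"top_delta={m['top_delta_share']:.3f} weak={looks_weak(m)}")
```

Feed `txid_quality` the IDs extracted from a packet capture of your own resolver's outbound queries (in observed order); a high `unique_fraction` together with a near-zero `delta_entropy_bits` is exactly the "non-repeating but predictable" pattern the quoted statements disagree about. The check is a coarse screen, not a proof of strength: a generator can pass it and still be predictable by a more targeted analysis such as the one in the linked paper.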
