[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Reducing ip_id information leakage
- Subject: Reducing ip_id information leakage
- From: wollman at lcs.mit.edu (Garrett Wollman)
- Date: Wed Apr 30 15:50:13 2003
<<On Wed, 30 Apr 2003 01:58:36 -0500 (CDT), Mike Silbersack <silby_(_at_)_silby_(_dot_)_com> said:
> Looks good to me, I've been contemplating doing just this for a while.
> It's too bad we don't have an inexpensive function we can use for the !DF
> case. I'd like to make the OpenBSD function the default for frag packets,
> but it seems just too heavyweight..
What we'd really like is cheap random sequences on Z/65536Z. It is
fairly trivial to generate cheap non-random sequences on that group --
there's a whole family of trivial ones, but these are easy to analyze.
Ultimately I don't think it's really worth that much effort, and the
DF trick, since it's normally enabled for all TCP sessions, gives us
99% of the value at 0.1% of the cost.