Missing options in Grsec/Network Protections


Post by Clara_15 » Wed Apr 16, 2008 9:58 am

Hi,

I have patched kernel 2.6.24.4 with grsec 2.1.11 and options are missing in "Network Protections", like:

- Truly random TCP ISN selection (rand_isns)
- Randomized IP IDs: (rand_ip_ids)
- Randomized TCP source ports: (rand_tcp_src_ports)
- Randomized RPC XIDs: (rand_rpc)
- Altered Ping IDs: (altered_pings)

As you can see on my screenshot: http://img255.imageshack.us/img255/6121/grsecte7.png
Thx! See you.
Clara_15
 
Posts: 3
Joined: Wed Apr 16, 2008 8:44 am

Re: Missing options in Grsec/Network Protections

Post by cormander » Wed Apr 16, 2008 10:46 am

I believe these were removed from the 2.1.11 version of grsecurity; I haven't seen them in quite a while.
cormander
 
Posts: 154
Joined: Tue Jan 29, 2008 12:51 pm

Re: Missing options in Grsec/Network Protections

Post by Clara_15 » Wed Apr 16, 2008 11:48 am

OK thx to you. :D

But, do you think these options are enabled by default?

Because I was particularly interested in this, for example, against TCP/IP fingerprinting, idle host scanning etc...

See you! Clara.
Clara_15
 
Posts: 3
Joined: Wed Apr 16, 2008 8:44 am

Re: Missing options in Grsec/Network Protections

Post by spender » Thu Apr 17, 2008 7:34 pm

Altered ping IDs was removed because it provided no security benefit. For the others, the code present in more recent kernels is sufficient for security purposes.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: Missing options in Grsec/Network Protections

Post by Clara_15 » Thu Apr 17, 2008 8:04 pm

Hi spender,

Quote: "Altered ping IDs was removed because it provided no security benefit."

OK, but you can use that for OS fingerprinting.

Quote: "For the others, the code present in more recent kernels is sufficient for security purposes."

IP ID can be used for idle host scanning, see http://nmap.org/idlescan.html

And you can do an OS FINGERPRINT with TCP ISN, know the OS used by the remote machine and applications + versions, for example, and if your application is vulnerable you can use an exploit or a 0-day for exploitation...

Attacks begin by research of information about your target, and I think it was a good idea to obfuscate results, adding a layer of security protection.

What do you think about that?
Clara_15
 
Posts: 3
Joined: Wed Apr 16, 2008 8:44 am
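
An added example, not written by anyone in this thread: a Python check for the property the last post is concerned about, namely whether IP IDs sampled from a host you administer follow a shared counter rather than being randomized. The function names, the `max_step` tolerance and the sample values are assumptions constructed for illustration.

```python
# Added example: classify IP ID values sampled from a host you administer.
MOD = 1 << 16  # the IPv4 Identification field is 16 bits wide


def _swap16(v):
    """Swap the two bytes of a 16-bit value."""
    return ((v & 0xFF) << 8) | (v >> 8)


def _small_steps(ids, max_step):
    """True if every consecutive difference (mod 2^16) is in 1..max_step."""
    return all(0 < (b - a) % MOD <= max_step for a, b in zip(ids, ids[1:]))


def classify_ip_ids(ids, max_step=64):
    """Classify IP IDs taken from consecutive replies of one host.

    max_step is an assumed tolerance for packets the host sent to other
    peers between two samples; raise it for a busy host.
    """
    if len(ids) < 3:
        raise ValueError("need at least 3 samples")
    if any(not 0 <= v < MOD for v in ids):
        raise ValueError("IP IDs are 16-bit values")
    if len(set(ids)) == 1:
        return "constant"
    if _small_steps(ids, max_step):
        return "incremental"
    # Same counter, but written to the wire in the opposite byte order.
    if _small_steps([_swap16(v) for v in ids], max_step):
        return "incremental-byteswapped"
    return "unpredictable"


def exposes_shared_counter(ids, max_step=64):
    """True when the samples let an observer count the host's other traffic."""
    return classify_ip_ids(ids, max_step).startswith("incremental")


if __name__ == "__main__":
    # Constructed sample sequences, not captured from any real host.
    samples = {
        "global counter": [4100, 4101, 4103, 4104, 4106],
        "counter across wraparound": [65534, 65535, 0, 2],
        "byte-swapped counter": [256, 512, 768, 1024],
        "randomized": [51234, 1200, 33987, 8, 60111],
        "fixed value": [0, 0, 0, 0],
    }
    for name, ids in samples.items():
        print(f"{name:26} -> {classify_ip_ids(ids)}")
```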
