Hello, I have CONFIG_GRKERNSEC_RANDID enabled (1.9.9h)
but a scan using nessus gives the warning:
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host... etc.
Can someone tell me if it's false positive or how I can check that
Thanks,
Mike
random ip id's
4 posts
• Page 1 of 1
random ip id's
by supermike » Thu Jun 12, 2003 1:50 pm
- supermike
- Posts: 13
- Joined: Fri Sep 20, 2002 9:59 pm
by spender » Thu Jun 12, 2003 6:49 pm
use tcpdump -vvv. It will display the IP IDs of packets you are sending out. Also, make sure you don't have the sysctl option enabled and haven't set the /proc/sys/kernel/grsecurity/rand_ip_ids value to 1.
-Brad
-Brad
- spender
- Posts: 2185
- Joined: Wed Feb 20, 2002 8:00 pm
Re: random ip id's
by pappy » Fri Jun 13, 2003 8:51 am
[quote="supermike"]Hello, I have CONFIG_GRKERNSEC_RANDID enabled (1.9.9h)
but a scan using nessus gives the warning:
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host... etc.
Can someone tell me if it's false positive or how I can check that
Thanks,
Mike[/quote]
FYI, did you put the corresponding echo "1" > /proc/.../grsecurity/* into the proc filesystem to actually enable what you compiled in?
HTH,
Alex
but a scan using nessus gives the warning:
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host... etc.
Can someone tell me if it's false positive or how I can check that
Thanks,
Mike[/quote]
FYI, did you put the corresponding echo "1" > /proc/.../grsecurity/* into the proc filesystem to actually enable what you compiled in?
HTH,
Alex
- pappy
- Posts: 3
- Joined: Wed May 14, 2003 9:47 am
4 posts
• Page 1 of 1