random ip id's
Posted: Thu Jun 12, 2003 1:50 pm by supermike
Hello, I have CONFIG_GRKERNSEC_RANDID enabled (1.9.9h)
but a scan using Nessus gives the warning:
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host... etc.
Can someone tell me if it's a false positive or how I can check that?
Thanks,
Mike
Posted: Thu Jun 12, 2003 6:49 pm by spender
Use tcpdump -vvv. It will display the IP IDs of packets you are sending out. Also, make sure you don't have the sysctl option enabled and haven't set the /proc/sys/kernel/grsecurity/rand_ip_ids value to 1.
-Brad
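
One way to check the IDs that tcpdump -vvv prints, as an added example that is not part of the original thread: the Python script below pulls the IP ID out of each header line and tests whether the sequence behaves like a simple counter. The function names, the step limit and the threshold are this example's own assumptions, and it assumes the capture was already filtered to packets sent by the host under test.

```python
import re

# IP header summary as printed by tcpdump -v and above: "... ttl 64, id 4711, ...".
# Anchoring on "ttl N, " skips other "id" fields such as the ICMP echo id.
IP_ID_RE = re.compile(r"\bttl \d+, id (\d+)")

def extract_ip_ids(tcpdump_text):
    """Return the IP ID of every packet in the text, in capture order."""
    return [int(m.group(1)) for m in IP_ID_RE.finditer(tcpdump_text)]

def classify_ip_ids(ids, max_step=16, threshold=0.8):
    """Label a sequence of IP IDs sent by one host.

    max_step and threshold are this example's own assumptions: a step of
    1..max_step (mod 2**16) counts as "counter-like", and the sequence is
    called incremental when at least `threshold` of the steps are.
    """
    if len(ids) < 3:
        return "insufficient data"
    deltas = [(b - a) % 65536 for a, b in zip(ids, ids[1:])]
    if all(d == 0 for d in deltas):
        return "constant"
    counter_like = sum(1 for d in deltas if 0 < d <= max_step)
    if counter_like / len(deltas) >= threshold:
        return "incremental"
    return "no simple pattern"

def make_capture(ids):
    """Build constructed sample text in tcpdump -vvv -n layout (not a real capture)."""
    return "\n".join(
        f"12:00:{i:02d}.000000 IP (tos 0x0, ttl 64, id {n}, offset 0, flags [none], "
        f"proto ICMP (1), length 84)\n"
        f"    192.0.2.10 > 192.0.2.20: ICMP echo reply, id 77, seq {i}, length 64"
        for i, n in enumerate(ids))

if __name__ == "__main__":
    for label, ids in (("counter", [4711, 4712, 4713, 4715, 4716]),
                       ("randomized", [48213, 1907, 30555, 61002, 12876])):
        seen = extract_ip_ids(make_capture(ids))
        print(label, seen, "->", classify_ip_ids(seen))
```

A "no simple pattern" result only rules out a plain counter; it does not measure how unpredictable the IDs are.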
Posted: Fri Jun 13, 2003 12:22 am by supermike
Thanks, I checked and they look pretty random to me, so it must be Nessus reporting that incorrectly.
Re: random ip id's
Posted: Fri Jun 13, 2003 8:51 am by pappy
[quote="supermike"]Hello, I have CONFIG_GRKERNSEC_RANDID enabled (1.9.9h)
but a scan using Nessus gives the warning:
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host... etc.
Can someone tell me if it's a false positive or how I can check that?
Thanks,
Mike[/quote]
FYI, did you put the corresponding echo "1" > /proc/.../grsecurity/* into the proc filesystem to actually enable what you compiled in?
HTH,
Alex