altered_pings not working?

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

altered_pings not working?

Postby AverageUser » Sun Sep 01, 2002 5:43 pm

(grsecurity-1.9.6-2.4.19.patch.gz)

I'm not seeing any difference with altered_pings set to 1. When I ping my machine from another machine, tcpdump still shows a different ID in the echo reply than was used in the echo request:

[root@host /proc/sys/kernel/grsecurity]# echo 1 > altered_pings
[root@host /proc/sys/kernel/grsecurity]# cat altered_pings
1
[root@host /proc/sys/kernel/grsecurity]# tcpdump -vni eth0 icmp
tcpdump: listening on eth0
16:36:14.272827 192.168.0.9 > 192.168.0.1: icmp: echo request (DF) (ttl 64, id 0, len 84)
16:36:14.272887 192.168.0.1 > 192.168.0.9: icmp: echo reply (ttl 64, id 34446, len 84)
16:36:15.272954 192.168.0.9 > 192.168.0.1: icmp: echo request (DF) (ttl 64, id 0, len 84)
16:36:15.273004 192.168.0.1 > 192.168.0.9: icmp: echo reply (ttl 64, id 34447, len 84)
16:36:16.273080 192.168.0.9 > 192.168.0.1: icmp: echo request (DF) (ttl 64, id 0, len 84)
16:36:16.273126 192.168.0.1 > 192.168.0.9: icmp: echo reply (ttl 64, id 34448, len 84)
16:36:17.273209 192.168.0.9 > 192.168.0.1: icmp: echo request (DF) (ttl 64, id 0, len 84)
16:36:17.273249 192.168.0.1 > 192.168.0.9: icmp: echo reply (ttl 64, id 34449, len 84)
AverageUser
 
Posts: 7
Joined: Sun Aug 25, 2002 1:58 pm

Postby spender » Sun Sep 01, 2002 6:25 pm

What you're looking at are IP IDs. These are different than icmp echo ids. icmp echo ids are set within a union of the icmp payload. If you use iptables you can log the packets and look at the icmp id fields.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm


Return to grsecurity support