random ip id's

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

random ip id's

Postby supermike » Thu Jun 12, 2003 1:50 pm

Hello, I have CONFIG_GRKERNSEC_RANDID enabled (1.9.9h)
but a scan using nessus gives the warning:
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host... etc.

Can someone tell me if it's false positive or how I can check that
Thanks,
Mike
supermike
 
Posts: 13
Joined: Fri Sep 20, 2002 9:59 pm

Postby spender » Thu Jun 12, 2003 6:49 pm

use tcpdump -vvv. It will display the IP IDs of packets you are sending out. Also, make sure you don't have the sysctl option enabled and haven't set the /proc/sys/kernel/grsecurity/rand_ip_ids value to 1.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby supermike » Fri Jun 13, 2003 12:22 am

thanks, I checked and they look pretty random to me so it must be nessus reporting that incorrectly
supermike
 
Posts: 13
Joined: Fri Sep 20, 2002 9:59 pm

Re: random ip id's

Postby pappy » Fri Jun 13, 2003 8:51 am

[quote="supermike"]Hello, I have CONFIG_GRKERNSEC_RANDID enabled (1.9.9h)
but a scan using nessus gives the warning:
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host... etc.

Can someone tell me if it's false positive or how I can check that
Thanks,
Mike[/quote]

FYI, did you put the corresponding echo "1" > /proc/.../grsecurity/* into the proc filesystem to actually enable what you compiled in?

HTH,

Alex
pappy
 
Posts: 3
Joined: Wed May 14, 2003 9:47 am


Return to grsecurity support