Bugtraq mailing list archives
Re: Linux zero IP ID vulnerability?
From: GomoR <bugtraq () gomor org>
Date: Wed, 22 Mar 2006 20:58:23 +0100
On Wed, Mar 15, 2006 at 10:26:00AM +0100, Marco Ivaldi wrote: [..]
Not sure i fully understand your comments... Anyway, here's an host showing the flawed behaviour (Gentoo Linux 2.6.14-gentoo-r5 + grsec):
Well, it may be related to GR security.
SinFP[1] exploits a difference in IP ID generation to detect(to some extent) the use of GR security inside a Linux kernel.
In fact, last time I checked, there was an option in GRsec configuration to alter IP ID generation behaviour. You can tryto play with this. [1] http://www.gomor.org/cgi-bin/index.pl?mode=view;page=net_sinfp
-- ^ ___ ___ http://www.GomoR.org/ <-+ | / __ |__/ Systems & Security Engineer | | \__/ | \ ---[ zsh$ alias psed='perl -pe ' ]--- | +--> Net::Packet <=> http://search.cpan.org/~gomor/ <--+
Current thread:
- Linux zero IP ID vulnerability? Marco Ivaldi (Mar 14)
- Message not available
- Re: Linux zero IP ID vulnerability? Marco Ivaldi (Mar 15)
- Message not available
- Re: Linux zero IP ID vulnerability? Andrea Purificato - bunker (Mar 16)
- <Possible follow-ups>
- Re: Linux zero IP ID vulnerability? Marco Ivaldi (Mar 17)
- Re: Linux zero IP ID vulnerability? Marco Ivaldi (Mar 23)
- Re: Linux zero IP ID vulnerability? GomoR (Mar 23)