Security Incidents mailing list archives
RE: DDoS Attack
From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 29 May 2003 08:12:29 -0700
.... The IP ID number is just a unique identifier of communication between two hosts over a given protocol. It exists so that (for example) a webserver can serve a client multiple pages concurrently. The IP ID number cannot be used to provide any kind of security. It seems different OSs even use widely different schemes to decide when to increment it and when to use an entirely different number.
I believe it's somewhat less significant than THAT, even. IP ID numbers are used to correlate IP (fragment) frames that contain parts of the same higher-layer packet, and are totally irrelevant if no IP-level fragmentation has occurred. Nobody cares what their value is, as long as it's the same across all fragments that need to be reassembled into some packet, and different from any other fragments in the same direction of the same conversation. (The correct way for a web server to deliver multiple objects to a client in parallel is over multiple client-end TCP *PORT* numbers.)

David Gillett
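The fragment-reassembly role of the IP ID field that David describes, shown as an added example that is not part of the original post or the list archive. The script builds minimal IPv4 datagrams, splits them into fragments, and reassembles them keyed on (source, destination, protocol, ID), which is the only place the ID is consulted; an unfragmented datagram passes straight through whatever its ID says. The addresses, IDs and payloads are constructed for the demo, header checksums are left at zero because nothing is sent on the wire, and the reassembler is an illustration of the rule, not a copy of any particular kernel's implementation. It also demonstrates the failure mode a receiver actually cares about: a sender reusing an ID while an earlier datagram with the same key is still in flight, which makes the fragments ambiguous.

```python
import socket
import struct
from collections import defaultdict

# Constructed sample traffic: all addresses, IDs and payloads below are made up for the demo.
SRC, DST, PROTO_UDP = "192.0.2.10", "198.51.100.20", 17

def build_ipv4(src, dst, proto, ident, payload, offset=0, more=False):
    """Minimal IPv4 header (IHL=5, no options) followed by payload.
    The header checksum is left at 0 because these bytes are never sent."""
    flags_frag = (0x2000 if more else 0) | (offset // 8)   # MF flag + offset in 8-byte units
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_frag,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def parse_ipv4(pkt):
    (ver_ihl, _tos, total_len, ident, flags_frag, _ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "proto": proto,
            "id": ident, "mf": bool(flags_frag & 0x2000),
            "offset": (flags_frag & 0x1FFF) * 8, "payload": pkt[ihl:total_len]}

def fragment(pkt, mtu):
    """Split one datagram into fragments that all carry the sender's ID."""
    h = parse_ipv4(pkt)
    chunk = (mtu - 20) // 8 * 8          # fragment data is a multiple of 8 bytes (except the last)
    frags = []
    for off in range(0, len(h["payload"]), chunk):
        piece = h["payload"][off:off + chunk]
        more = off + len(piece) < len(h["payload"])
        frags.append(build_ipv4(h["src"], h["dst"], h["proto"], h["id"], piece, off, more))
    return frags

class Reassembler:
    """Groups fragments by (src, dst, proto, id); the ID's numeric value is never interpreted."""
    def __init__(self):
        self.pending = defaultdict(dict)   # key -> {offset: (payload, more_flag)}

    def feed(self, pkt):
        h = parse_ipv4(pkt)
        if not h["mf"] and h["offset"] == 0:
            return h                        # not a fragment: the ID field plays no role at all
        key = (h["src"], h["dst"], h["proto"], h["id"])
        slot = self.pending[key]
        if h["offset"] in slot and slot[h["offset"]][0] != h["payload"]:
            # Same key, same offset, different bytes: the sender reused an ID while an
            # earlier datagram was still in flight. The receiver cannot tell which
            # datagram the bytes belong to, so it drops the whole ambiguous group.
            del self.pending[key]
            raise ValueError(f"ambiguous fragment for {key} at offset {h['offset']}")
        slot[h["offset"]] = (h["payload"], h["mf"])
        last = [off for off, (_, more) in slot.items() if not more]
        if not last:
            return None                     # the final fragment has not arrived yet
        total = last[0] + len(slot[last[0]][0])
        data, pos = bytearray(), 0
        while pos < total:                  # walk contiguous pieces from offset 0
            if pos not in slot:
                return None                 # a hole remains; keep waiting
            piece = slot[pos][0]
            data += piece
            pos += len(piece)
        del self.pending[key]
        h.update(payload=bytes(data), mf=False, offset=0)
        return h

def demo():
    """Interleave fragments of two datagrams between the same hosts; only the ID keeps them apart."""
    a = build_ipv4(SRC, DST, PROTO_UDP, 7, b"A" * 100)
    b = build_ipv4(SRC, DST, PROTO_UDP, 8, b"B" * 100)
    mixed = [f for pair in zip(fragment(a, 60), fragment(b, 60)) for f in pair]
    r = Reassembler()
    done = [d for d in (r.feed(f) for f in mixed) if d]
    return {d["id"]: d["payload"] for d in done}

def demo_id_reuse():
    """Reusing an ID for a second in-flight datagram with the same key is ambiguous."""
    r = Reassembler()
    first = fragment(build_ipv4(SRC, DST, PROTO_UDP, 7, b"A" * 100), 60)
    second = fragment(build_ipv4(SRC, DST, PROTO_UDP, 7, b"C" * 100), 60)
    r.feed(first[0])                        # datagram 1 still incomplete ...
    try:
        r.feed(second[0])                   # ... when datagram 2 arrives with the same ID
        return "accepted"
    except ValueError:
        return "rejected"

if __name__ == "__main__":
    print(demo())
    print(demo_id_reuse())
```

Running `demo()` returns both 100-byte payloads intact even though their fragments arrived interleaved, because the tuple of addresses, protocol and ID kept the two groups apart; `demo_id_reuse()` shows why an ID must not repeat for a datagram that is still being reassembled in the same direction of the same conversation. Once a datagram has been completed, its ID is free to be reused.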