In article <[EMAIL PROTECTED]>,
Salvatore Sanfilippo -antirez-  <[EMAIL PROTECTED]> wrote:
>       i think that a consecutive IP id now can be considered
>       a weakness in IP stacks. [...] Here is a patch for
>       linux 2.0.36 [...] 'Truly random id' [...]

Your patch isn't secure.  It uses a weak pseudo-random number
generator to generate id's, and an attacker can just crack the
PRNG to predict what id's will be used in the future.

I think you probably want to use /dev/urandom to generate your
IP id's, to prevent this attack.  (Or use a variant of Bellovin's
RFC 1948, adapted to generate IP id's instead of TCP ISN's.)
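As an added illustration of the two alternatives named in this reply (not code from the poster, the patched kernel, or RFC 1948 itself), the Python below puts the global-counter scheme next to a /dev/urandom draw and next to an assumed RFC 1948-style adaptation in which a secret-keyed hash of (src, dst) selects a per-destination counter with a secret-derived starting point. The addresses, the bucket count and the helper `observed_step` are constructed for the demonstration; `observed_step` measures what a single destination can learn about packets sent elsewhere, which is the weakness the quoted message is about.

```python
import hashlib
import hmac
import os
import struct
from typing import Dict, Tuple

ID_MASK = 0xFFFF          # the IPv4 Identification field is 16 bits wide
Pair = Tuple[str, str]    # (source address, destination address), dotted strings


class SequentialIpId:
    """One global counter shared by every destination: the scheme called a weakness above."""

    def __init__(self, start: int = 0) -> None:
        self.counter = start & ID_MASK

    def next_id(self, pair: Pair) -> int:
        self.counter = (self.counter + 1) & ID_MASK
        return self.counter


class RandomIpId:
    """Draws every id from the OS CSPRNG (os.urandom reads /dev/urandom on Linux)."""

    def next_id(self, pair: Pair) -> int:
        return struct.unpack(">H", os.urandom(2))[0]


class PerDestinationIpId:
    """Assumed RFC 1948-style adaptation (not the RFC's exact ISN construction).

    An HMAC keyed with a boot-time secret maps (src, dst) to one of `buckets`
    counters, and each counter starts at a secret-derived value, so the id
    stream one destination sees does not advance when packets go elsewhere.
    """

    def __init__(self, secret: bytes, buckets: int = 1024) -> None:
        self.secret = secret            # in a real stack: read once from /dev/urandom at boot
        self.buckets = buckets
        self.counters: Dict[int, int] = {}

    def _prf(self, label: bytes) -> bytes:
        return hmac.new(self.secret, label, hashlib.sha256).digest()

    def bucket_index(self, pair: Pair) -> int:
        digest = self._prf(b"bucket|" + "|".join(pair).encode())
        return struct.unpack(">I", digest[:4])[0] % self.buckets

    def next_id(self, pair: Pair) -> int:
        idx = self.bucket_index(pair)
        if idx not in self.counters:
            # lazily initialised per-bucket start value, also derived from the secret
            start = struct.unpack(">H", self._prf(b"start|%d" % idx)[:2])[0]
            self.counters[idx] = start
        self.counters[idx] = (self.counters[idx] + 1) & ID_MASK
        return self.counters[idx]


def observed_step(gen, observer: Pair, other: Pair, background: int = 3) -> int:
    """Id increase the observer sees across `background` packets sent to another host.

    A global counter yields background + 1, exposing traffic to third parties;
    a per-destination counter yields 1 unless the two pairs share a bucket.
    """
    first = gen.next_id(observer)
    for _ in range(background):
        gen.next_id(other)
    second = gen.next_id(observer)
    return (second - first) & ID_MASK


if __name__ == "__main__":
    # constructed sample address pairs
    a = ("10.0.0.1", "192.0.2.10")
    b = ("10.0.0.1", "198.51.100.7")
    print("global counter, step seen by a:", observed_step(SequentialIpId(), a, b))
    print("per-destination, step seen by a:",
          observed_step(PerDestinationIpId(secret=os.urandom(16)), a, b))
    print("urandom id:", RandomIpId().next_id(a))
```

Two caveats worth keeping in mind when choosing between the variants: purely random 16-bit ids repeat by chance within a short window, which matters for fragment reassembly of packets still in flight, and the per-destination scheme leaks the global count again for any two destinations that land in the same bucket, so the bucket count and the secret rotation interval are the tuning knobs.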
