On Fri, 2003-10-03 at 11:18:07 -0700, D. Rick Anderson proclaimed...
> I'm getting back "The remote host uses non-random IP IDs" from Nessus,
> and I was wondering if anybody knows how to make this go away on a RH
> 8.0 firewall? I've found the question asked a bunch of times, but I
> can't seem to find a real answer.

Seems like all you want to do is have a nice pretty "we're safe" report, rather than actually know your vulnerabilities.

That said, you need a firewall capable of doing sequence number hardening (rewriting). OpenBSD's pf does it; Netscreen does it; the Cisco PIX does it. Firewall-1 apparently does it - though not very reliably. Older Linux kernels did it, but I haven't used Linux in not-long-enough.
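
The reasoning behind a "non-random IP IDs" finding like the one quoted above, as an added example that is not part of the original thread: it classifies a series of IP ID values observed in a host's replies, so a change on the firewall can be verified from before and after samples. The function names, the 255-step threshold and the sample values are assumptions made for illustration; collecting the IDs from live packets is left out.

```python
# Added example: classify a series of 16-bit IP ID values sampled from one host.
# All names and thresholds here are hypothetical, not taken from Nessus.

def swap16(value):
    """Swap the two bytes of a 16-bit value (a counter sent in the wrong byte order)."""
    return ((value & 0xFF) << 8) | (value >> 8)

def deltas(ids):
    """Successive differences modulo 2**16, so counter wraparound is not read as randomness."""
    return [(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])]

def classify_ipid(ids, max_step=255):
    """Return 'constant', 'incremental', 'incremental-byteswapped' or 'random-looking'."""
    if len(ids) < 4:
        raise ValueError("need at least 4 samples to judge a sequence")
    if any(not 0 <= v <= 0xFFFF for v in ids):
        raise ValueError("IP ID is a 16-bit field")
    if len(set(ids)) == 1:
        return "constant"                      # e.g. always 0
    # A global counter moves forward by small steps between our probes.
    if all(d <= max_step for d in deltas(ids)):
        return "incremental"
    # Same counter, but placed on the wire without byte-order conversion:
    # each +1 shows up as +256, so test the byte-swapped view as well.
    if all(d <= max_step for d in deltas([swap16(v) for v in ids])):
        return "incremental-byteswapped"
    return "random-looking"

def is_predictable(ids):
    """True when the next ID can be guessed from earlier ones (what the scanner flags)."""
    return classify_ipid(ids).startswith("incremental")

# Constructed sample data (not captured from any real host).
SAMPLES = {
    "before (counter, wraps at 65535)": [65530, 65531, 65533, 65535, 1, 2],
    "byte-swapped counter":             [2560, 2816, 3072, 3328],
    "after ID rewriting":               [40211, 1873, 59002, 22417, 7, 31990],
    "all zero":                         [0, 0, 0, 0],
}

if __name__ == "__main__":
    for label, ids in SAMPLES.items():
        print(f"{label:34s} -> {classify_ipid(ids)}")
```
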
