New User, Welcome!     Login

the 3

A paper by Amit Klein (Trusteer): "OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability"

But it gets more interesting. Several other BSD operating systems
copied the OpenBSD code for their own IP ID PRNG, so they're
vulnerable too. This is particularly so with Apple's Mac OS X,
Mac OS X Server and Darwin, but also with NetBSD, FreeBSD and
DragonFlyBSD (the 3 latter O/S however only use this PRNG when
the kernel flag net.inet.ip.random_id is set to 1; it is 0 by
default, resulting in a sequential counter to be used instead...).
OpenBSD, NetBSD and FreeBSD also use this PRNG for IP
fragmentation ID normalization feature (e.g. "scrub out random-
id") in the packet filter module.

Update+Errata: Re: A paper by Amit Klein (Trusteer): "OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability"

>
> But it gets more interesting. Several other BSD operating systems
> copied the OpenBSD code for their own IP ID PRNG, so they're
> vulnerable too. This is particularly so with Apple's Mac OS X,
> Mac OS X Server and Darwin, but also with NetBSD, FreeBSD and
> DragonFlyBSD (the 3 latter O/S however only use this PRNG when
> the kernel flag net.inet.ip.random_id is set to 1; it is 0 by
> default, resulting in a sequential counter to be used instead...).
> OpenBSD, NetBSD and FreeBSD also use this PRNG for IP
> fragmentation ID normalization feature (e.g. "scrub out random-
> id") in the packet filter module.


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!