Hi Togan, On 2001.09.08 13:32:57 +0100 Togan Muftuoglu wrote:
Hi,
To test the effects of tinyproxy I have started on the firewall PC I did a nessus test via www.vulnerabilities.org. I did the test with and without the tinyproxy and the below comment is bothering me. This was not coming out with the tests I did before at the same site with the same Hardware and Software (SuSE linux 7.1 Kernel 2.2.19). The only change is the ISP is assigning the IP's from a different pool used to be 212.156.196.x now it 212.174.48.x /212.174.49.x) and maybe it has something to do from the ISP end ?? or my misconfiguration of something
Security Warning found on port general/tcp
The remote host uses non-random IP IDs, that is, it is possible to predict the next value of the ip_id field of the ip packets sent by this host.
An attacker may use this feature to determine if the remote host sent a packet in reply to another request. This may be used for portscanning and other things.
Solution : Contact your vendor for a patch Risk factor : Low
AFAIK, this refers to the packet ID for tcp/ip packets - so that packets can be re-assembled at the receiving end of an IP connction. The implication is that a new connecton ID can be predicted from previous packets, so a dedicated cracker will be able to spot if the sequence changes and know how many packets you have sent - but IMHO if you are being watched that closely, the cracker has probably already sniffed the packets anyway... :-( Don't know how your changes would cause this - unless there is some setting in /proc somewhere that you have inadvertently [not] changed with the change in your IP pool HTH Maf,
-- Togan Muftuoglu
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Maf. King Standby Exhibition Services ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "It is easier to do a job right than to explain why you didn't." - Martin Van Buren ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~