[e2e] Re: Question on "identification" field of IP header
Rick Jones
raj at tardy.cup.hp.com
Mon Dec 16 10:49:21 PST 2002
> Thanks for the pointer. I have heard that the IP ID field is used for
> covert channel by hackers. Apparently a rogue SSL implementation was
> leaking session keys in the IP ID field. While not foolproof or the
> ultimate defense, if I don't need to use the IP ID field for IP
> datagrams with the don't fragment bit set (mostly TCP), then it may be
> useful as an intrusion detection technique.
I'd be very careful fixing the IP ID - I have been told by one major
"interconnect" vendor that some of their products have ways to allow
the customer (at customers persistent request) to cause the devices to
ignore and clear the DF bit...
rick jones
More information about the end2end-interest
mailing list