Network Security: Detailed info on Re: Linux zero IP ID vulnerability?

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Vuln-Dev

[Top] [All Lists]

Re: Linux zero IP ID vulnerability?

from [GomoR] Network Security

[Permanent Link]

Subject:	Re: Linux zero IP ID vulnerability?
Date:	Wed, 22 Mar 2006 20:58:23 +0100

On Wed, Mar 15, 2006 at 10:26:00AM +0100, Marco Ivaldi wrote:
[..]

Not sure i fully understand your comments... Anyway, here's an host
showing the flawed behaviour (Gentoo Linux 2.6.14-gentoo-r5 + grsec):

Well, it may be related to GR security.

SinFP[1] exploits a difference in IP ID generation to detect (to some extent) the use of GR security inside a Linux kernel.

In fact, last time I checked, there was an option in GRsec configuration to alter IP ID generation behaviour. You can try to play with this.

[1] http://www.gomor.org/cgi-bin/index.pl?mode=view;page=net_sinfp

--
^  ___  ___             http://www.GomoR.org/          <-+
| / __ |__/          Systems & Security Engineer         |
| \__/ |  \     ---[ zsh$ alias psed='perl -pe ' ]---    |
+-->  Net::Packet <=> http://search.cpan.org/~gomor/  <--+

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Linux zero IP ID vulnerability?, Marco Ivaldi Message not available Re: Linux zero IP ID vulnerability?, Marco Ivaldi Re: Linux zero IP ID vulnerability?, Andrea Purificato - bunker Re: Linux zero IP ID vulnerability?, Marco Ivaldi Re: Linux zero IP ID vulnerability?, Marco Ivaldi Re: Linux zero IP ID vulnerability?, GomoR <=

Previous by Date:	[Full-disclosure] [FLSA-2006:186277] Updated sendmail packages fix security issues, Jesse Keating
Next by Date:	Re: [Full-disclosure] Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), purplebag
Previous by Thread:	Re: Linux zero IP ID vulnerability?, Marco Ivaldi
Next by Thread:	[eVuln] CyBoards PHP Lite SQL Injection Vulnerability, alex
Indexes:	[Date] [Thread] [Top] [All Lists]