[Tor-BSD] random IP id thread
George Rosamond
george at ceetonetechnology.com
Thu Apr 3 21:55:43 EDT 2014
I assume others saw the thread about IP ID randomization on tor-relays.
The disclosure is here:
http://seclists.org/fulldisclosure/2014/Mar/414
Basically, an attacker can theoretically correlate the user and the
entry node they are using. And heck, it's bad practice anyway *not* to
randomize IP IDs.
It's default for a long while in OpenBSD, and there were multiple
rant-talks in years past by OpenBSD devs at various cons. It was past
due for it to be implemented, so to rant was completely logical.
FreeBSD is affected, up to at least 10.x as per Pete.
It is strongly recommended to set the relevant setting in /etc/sysctl.conf:
net.inet.ip.random_id=1
And give it a reboot... or do that plus without the reboot:
sysctl net.inet.ip.random_id=1
I'm still perplexed why it's not default on FreeBSD... I vaguely
remember some compatibility issues mentioned a long while ago. I pinged
talk@ and hopefully some FBSD dev will reply on it.
Or here...
g
More information about the Tor-BSD
mailing list