Message-ID: <20060322195824.9840.qmail@mystra.digital-network.net>
Date: Wed, 22 Mar 2006 20:58:23 +0100
From: GomoR <bugtraq@...or.org>
To: bugtraq@...urityfocus.com
Subject: Re: Linux zero IP ID vulnerability?


On Wed, Mar 15, 2006 at 10:26:00AM +0100, Marco Ivaldi wrote:
[..]
> Not sure I fully understand your comments... Anyway, here's a host
> showing the flawed behaviour (Gentoo Linux 2.6.14-gentoo-r5 + grsec):

Well, it may be related to GR security. 

SinFP[1] exploits a difference in IP ID generation to detect
(to some extent) the use of GR security inside a Linux kernel. 

In fact, last time I checked, there was an option in GRsec
configuration to alter IP ID generation behaviour. You can try
to play with this. 

[1] http://www.gomor.org/cgi-bin/index.pl?mode=view;page=net_sinfp 

 --
 ^  ___  ___             http://www.GomoR.org/          <-+
 | / __ |__/          Systems & Security Engineer         |
 | \__/ |  \     ---[ zsh$ alias psed='perl -pe ' ]---    |
 +-->  Net::Packet <=> http://search.cpan.org/~gomor/  <--+

