James B. Byrne
2016-Jun-28 13:46 UTC
[CentOS] UDP Constant IP Identification Field Fingerprinting Vulnerability
On Mon, June 27, 2016 12:29, Gordon Messmer wrote:

> On 06/26/2016 01:50 PM, James B. Byrne wrote:
>> However, all I am seeking is knowledge on how to handle this using
>> iptables. I am sure that this defect/anomaly has already been
>> solved wherever it is an issue. Does anyone have an example on
>> how to do this?
>
> I think the bit you're missing is that you don't have to address every
> detail that your auditors send you. You can label an item a false
> positive. You can respond that you are aware, and that you don't
> consider an item to be a security defect. Fingerprinting is an
> excellent example thereof. As was already noted, the IP ID field is
> just one of many aspects of IP networking that can be used to identify
> Linux systems. If you don't address them all, addressing one is not a
> useful exercise.

I understand WRT false positive flagging. And that is exactly what I have done.

However, the PCI DSS report piqued my interest in this matter and I thought to satisfy my curiosity. The other stuff flagged in the report seemed a little far-fetched to me. At least the explanation of why they were flagged did. As none of them affect our PCI status I have no interest in the rest. This one, however, I was previously unaware of, and so I wanted to discover more about it.

Thank you for the information and especially for the references.

Sincerely,

-- 
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
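To make concrete what the scanner's "constant IP Identification field" finding actually observes, here is an added example (not from the thread or from any list member) that pulls the 16-bit Identification field out of raw IPv4 headers and classifies the sequence as constant, incremental or varying; the packets are constructed IPv4/UDP headers using RFC 5737 test addresses, and the helper names are mine.

```python
# Added example: classify the IPv4 Identification field behaviour across a set
# of packets, the same observation a scanner makes when it reports a
# "constant IP ID". Packets below are constructed, not real captures.
import struct


def ipv4_id(packet: bytes) -> int:
    """Return the 16-bit Identification field of a raw IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("packet shorter than a minimal IPv4 header")
    if packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    # Identification occupies bytes 4-5 of the header, network byte order.
    return struct.unpack("!H", packet[4:6])[0]


def classify_ip_ids(packets) -> str:
    """Return 'constant', 'incremental', 'varying' or 'insufficient'."""
    ids = [ipv4_id(p) for p in packets]
    if len(ids) < 2:
        return "insufficient"
    if len(set(ids)) == 1:
        return "constant"           # what the PCI scanner flagged
    # Differences between consecutive IDs, modulo 2**16 to handle wrap-around.
    steps = {(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])}
    if steps == {1}:
        return "incremental"        # simple global counter
    return "varying"                # per-destination counter or randomised


def build_ipv4_udp(ident: int, payload: bytes = b"x") -> bytes:
    """Build a minimal IPv4 header (checksum left 0) + UDP header + payload."""
    total_len = 20 + 8 + len(payload)
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, total_len, ident, 0,      # ver/ihl, tos, length, id, flags/frag
        64, 17, 0,                         # ttl, protocol=UDP, header checksum
        bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))  # constructed test addresses
    udp_hdr = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0)
    return ip_hdr + udp_hdr + payload


# Constructed sample traces: one host that always sends ID 0, one that counts.
CONSTANT_TRACE = [build_ipv4_udp(0) for _ in range(5)]
INCREMENTAL_TRACE = [build_ipv4_udp(1000 + i) for i in range(5)]

if __name__ == "__main__":
    print("constant trace   :", classify_ip_ids(CONSTANT_TRACE))
    print("incremental trace:", classify_ip_ids(INCREMENTAL_TRACE))
```

Feeding real packets (for example the raw bytes of outbound UDP datagrams read from a pcap) to `classify_ip_ids` tells you whether your own host exhibits the behaviour the auditor flagged, which is the evidence you want before deciding to mark the item a false positive.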