On Mon, June 27, 2016 12:29, Gordon Messmer wrote:
> On 06/26/2016 01:50 PM, James B. Byrne wrote:
> > However, all I am seeking is knowledge on how to handle this using iptables. I am sure that this defect/anomaly has already been solved wherever it is an issue. Does anyone have an example on how to do this?
> I think the bit you're missing is that you don't have to address every detail that your auditors send you. You can label an item a false positive. You can respond that you are aware, and that you don't consider an item to be a security defect. Fingerprinting is an excellent example thereof. As was already noted, the IP ID field is just one of many aspects of IP networking that can be used to identify Linux systems. If you don't address them all, addressing one is not a useful exercise.
I understand WRT false positive flagging. And that is exactly what I have done. However, the PCI DSS report piqued my interest in this matter and I thought to satisfy my curiosity. The other stuff flagged in the report seemed a little far-fetched to me. At least the explanation of why they were flagged did.
As none of them affect our PCI status, I have no interest in the rest. This one, however, I was previously unaware of, and so I wanted to discover more about it.
Thank you for the information and especially for the references.
Sincerely,