[CentOS] UDP Constant IP Identification Field Fingerprinting Vulnerability

Tue Jun 28 13:46:16 UTC 2016
James B. Byrne <byrnejb at harte-lyne.ca>

On Mon, June 27, 2016 12:29, Gordon Messmer wrote:
> On 06/26/2016 01:50 PM, James B. Byrne wrote:
>> However, all I am seeking is knowledge on how to handle this using
>> iptables.  I am sure that this defect/anomaly has already been
>> solved wherever it is an issue.  Does anyone have an example on
>> how to do this?
> I think the bit you're missing is that you don't have to address every
> detail that your auditors send you.  You can label an item a false
> positive.  You can respond that you are aware, and that you don't
> consider an item to be a security defect.  Fingerprinting is an
> excellent example thereof.  As was already noted, the IP ID field is
> just one of many aspects of IP networking that can be used to identify
> Linux systems.  If you don't address them all, addressing one is not a
> useful exercise.

I understand WRT false positive flagging.  And that is exactly what I
have done.  However, the PCI DSS report piqued my interest in this
matter and I thought to satisfy my curiosity.  The other stuff flagged
in the report seemed a little far-fetched to me. At least the
explanation of why they were flagged did.

As none of them affect our PCI status I have no interest in the rest.
This one, however, I was previously unaware of, and so I wanted to
discover more about it.

Thank you for the information and especially for the references.


***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3