[CentOS] UDP Constant IP Identification Field Fingerprinting Vulnerability
James B. Byrne
byrnejb at harte-lyne.ca
Tue Jun 28 13:46:16 UTC 2016
On Mon, June 27, 2016 12:29, Gordon Messmer wrote:
> On 06/26/2016 01:50 PM, James B. Byrne wrote:
>> However, all I am seeking is knowledge on how to handle this using
>> iptables. I am sure that this defect/anomaly has already been
>> solved wherever it is an issue. Does anyone have an example on
>> how to do this?
>
>
> I think the bit you're missing is that you don't have to address every
> detail that your auditors send you. You can label an item a false
> positive. You can respond that you are aware, and that you don't
> consider an item to be a security defect. Fingerprinting is an
> excellent example thereof. As was already noted, the IP ID field is
> just one of many aspects of IP networking that can be used to identify
> Linux systems. If you don't address them all, addressing one is not a
> useful exercise.

I understand WRT false positive flagging. And that is exactly what I
have done. However, the PCI DSS report piqued my interest in this
matter and I thought to satisfy my curiosity. The other stuff flagged
in the report seemed a little far-fetched to me. At least the
explanation of why they were flagged did.

As none of them affect our PCI status I have no interest in the rest.
This one, however, I was previously unaware of, and so I wanted to
discover more about it.

Thank you for the information and especially for the references.

Sincerely,
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3