authorkris <kris@FreeBSD.org>2001-06-01 10:02:28 +0000
committerkris <kris@FreeBSD.org>2001-06-01 10:02:28 +0000
commite1524eb20ca44614d4942a0b92929a02e67dce44 (patch)
tree9bd8aa0fc8cabc5d0cc01510f30e42d4a12277e2 /sys/i386
parent83f8b7087fd25f91158a6a096fad46b33b513773 (diff)
Add ``options RANDOM_IP_ID'' which randomizes the ID field of IP packets.
This closes a minor information leak which allows a remote observer to determine the rate at which the machine is generating packets, since the default behaviour is to increment a counter for each packet sent. Reviewed by: -net Obtained from: OpenBSD
Diffstat (limited to 'sys/i386')
-rw-r--r--sys/i386/conf/NOTES7
1 files changed, 7 insertions, 0 deletions
diff --git a/sys/i386/conf/NOTES b/sys/i386/conf/NOTES
index fae6298..1485762 100644
--- a/sys/i386/conf/NOTES
+++ b/sys/i386/conf/NOTES
@@ -590,6 +590,13 @@ options IPFILTER_DEFAULT_BLOCK #block all packets by default
options IPSTEALTH #support for stealth forwarding
options TCPDEBUG
+# RANDOM_IP_ID causes the ID field in IP packets to be randomized
+# instead of incremented by 1 with each packet generated. This
+# option closes a minor information leak which allows remote
+# observers to determine the rate of packet generation on the
+# machine by watching the counter.
+options RANDOM_IP_ID
+
# Statically Link in accept filters
options ACCEPT_FILTER_DATA
options ACCEPT_FILTER_HTTP
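Review bot: The new comment above `options RANDOM_IP_ID` explains the leak being closed but says nothing about what the option costs or how ID reuse is bounded, which an administrator needs when deciding whether to enable it. The generator itself is outside this view (the diffstat is limited to sys/i386), so this is inferred: if it does not guarantee a minimum distance between reuses of an ID, fragments of different datagrams sent to the same peer could be reassembled together at high packet rates. I would add a line such as `# IDs do not repeat within <N> packets (value from the generator); adds per-packet PRNG work.` with the figure taken from the actual implementation. The comment should also say that the incrementing counter remains the behaviour when the option is not set.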