Re: UDP Constant IP Identification Field Fingerprinting Vulnerability
On Mon, June 27, 2016 12:29, Gordon Messmer wrote:
> On 06/26/2016 01:50 PM, James B. Byrne wrote:
>> However, all I am seeking is knowledge on how to handle this using
>> iptables. I am sure that this defect/anomaly has already been
>> solved wherever it is an issue. Does anyone have an example on
>> how to do this?
>
> I think the bit you're missing is that you don't have to address every
> detail that your auditors send you. You can label an item a false
> positive. You can respond that you are aware, and that you don't
> consider an item to be a security defect. Fingerprinting is an
> excellent example thereof. As was already noted, the IP ID field is
> just one of many aspects of IP networking that can be used to identify
> Linux systems. If you don't address them all, addressing one is not a
> useful exercise.

I understand WRT false positive flagging. And that is exactly what I
have done. However, the PCI DSS report piqued my interest in this
matter and I thought to satisfy my curiosity. The other stuff flagged
in the report seemed a little far-fetched to me. At least the
explanation of why they were flagged did.

As none of them affect our PCI status I have no interest in the rest.
This one, however, I was previously unaware of, and so I wanted to
discover more about it.

Thank you for the information and especially for the references.