Yuck. Following up to my own post. I realize I wasn't clear on what "good" random numbers mean in IP ID fields. To most people concerned about security, it means "not incrementing." The problem with incrementing IP IDs of course being the ability to do spoofed port scans on a quiescent server. Not using incrementing IP IDs, using random ones when you need to and constant (the 0 ones you observed) ones when DF is set, prevents these kinds of scans.

--
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
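An added example, not part of the original post: a check an administrator could run over IPv4 headers captured from their own host to see whether its IP IDs meet the "not incrementing" bar described above, with DF and non-DF packets judged separately. The function names, the `SMALL_STEP` threshold and the sample headers are assumptions made for illustration.

```python
import struct

SMALL_STEP = 256  # assumption: deltas up to this size count as a shared counter


def parse_ipv4(header: bytes):
    """Return (identification, df_set) from a raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ident, flags_frag = struct.unpack("!HH", header[4:8])
    return ident, bool(flags_frag & 0x4000)  # 0x4000 is the DF bit


def classify(ids):
    """Label one ordered list of IP IDs."""
    if len(ids) < 3:
        return "too few samples"
    if len(set(ids)) == 1:
        return "constant"
    deltas = [(b - a) % 65536 for a, b in zip(ids, ids[1:])]  # wrap at 16 bits
    if all(1 <= d <= SMALL_STEP for d in deltas):
        return "incrementing"
    return "not incrementing"


def audit(headers):
    """Classify DF and non-DF packets separately, as the post distinguishes them."""
    groups = {"df": [], "no_df": []}
    for h in headers:
        ident, df = parse_ipv4(h)
        groups["df" if df else "no_df"].append(ident)
    return {k: classify(v) for k, v in groups.items()}


def make_header(ident, df):
    """Constructed sample header (checksum left at 0, addresses from 192.0.2.0/24)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ident, 0x4000 if df else 0,
                       64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))


# Constructed captures from two hypothetical hosts.
counter_host = [make_header(i, False) for i in (65533, 65534, 65535, 0, 2)]
hardened_host = ([make_header(0, True)] * 4 +
                 [make_header(i, False) for i in (41250, 977, 60112, 23005)])

if __name__ == "__main__":
    print(audit(counter_host))
    print(audit(hardened_host))
```

A "not incrementing" result only says the samples did not look like a global counter; it is not a statistical test of randomness.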