
Re: ping.



On Wed, 9 Jun 1999, Can Altineller wrote:

> 	In an ICMP_ECHO_REQUEST the identifier field is set to the PID of
> the process sending the ICMP_ECHO_REQUEST, according to Stevens' book.
> 
> 	However, in OpenBSD the identifier field is different every time
> that an ICMP_ECHO_REQUEST|REPLY is sent. In FreeBSD it is not the same, but
> it is sequential (increases by one).

I believe you're confusing the IP datagram ID with the ID field in the ICMP
header. Recently a technique for spoofing port scans was described on the
BUGTRAQ mailing list that exploited the fact that most hosts incremented their
IP datagram ID by 1 for every packet sent (search the mailing list archive at
www.netspace.org for the complete description).

In response to this, OpenBSD's datagram IDs were randomized.

If you check our ping.c source file, you'll note:

icp->icmp_type = ICMP_ECHO;
icp->icmp_code = 0;
icp->icmp_cksum = 0;
icp->icmp_seq = htons(ntransmitted++);
icp->icmp_id = ident;			/* ident set to getpid() & 0xFFF */

I believe this is precisely how the sample ping program in UNPv1 is
implemented.

  .  _  _  _ _ . .   _ _ .  . _  _  _ . .
 :  |-||-||<|_||\|  |_|-||\/||-'|->|_-|_|_  DalTech, Halifax, NS, Canada
  `---------------------------------------- [http://www.biodome.org/~fx] -
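The distinction drawn in the reply, the 16-bit datagram ID in the IP header versus the identifier field in the ICMP echo header, is easy to see once both headers are decoded side by side. The following is an added example, not OpenBSD's ping.c nor anything from the original thread: it builds ICMP echo requests laid out exactly as the ping.c fragment above (type, code, checksum, id, seq), wraps them in a minimal IPv4 header, and parses them back, verifying both RFC 1071 checksums. The addresses 192.0.2.1/192.0.2.2, the pid value and the `simulate_ping_burst` helper are constructed for the demonstration; the helper models a stack that increments the IP ID by one per datagram, and `ip_ids_look_sequential` is the check a host owner would run over captured IDs to see whether their stack still shows that pattern.

```python
"""Added example (not OpenBSD's ping.c): build and decode IPv4/ICMP echo packets
to show that the IP datagram ID and the ICMP echo identifier are separate fields."""
import socket
import struct

ICMP_ECHO = 8          # ICMP_ECHO in <netinet/ip_icmp.h>
ICMP_ECHOREPLY = 0
IPPROTO_ICMP = 1
IP_HDR_LEN = 20
ICMP_HDR_LEN = 8


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum, used by both the IP and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes = b"") -> bytes:
    """ICMP echo request in the same order as the ping.c fragment:
    type, code, cksum (zero while summing), id, seq, then the data."""
    ident &= 0xFFFF
    seq &= 0xFFFF
    hdr = struct.pack("!BBHHH", ICMP_ECHO, 0, 0, ident, seq)
    cksum = internet_checksum(hdr + payload)
    return struct.pack("!BBHHH", ICMP_ECHO, 0, cksum, ident, seq) + payload


def build_ipv4_header(ip_id: int, payload_len: int, src: str, dst: str, ttl: int = 64) -> bytes:
    """Minimal IPv4 header without options. ip_id is the 16-bit datagram ID,
    which the kernel (not the ping program) chooses."""
    total_len = IP_HDR_LEN + payload_len
    fields = [0x45, 0, total_len, ip_id & 0xFFFF, 0, ttl, IPPROTO_ICMP, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    hdr = struct.pack("!BBHHHBBH4s4s", *fields)
    fields[7] = internet_checksum(hdr)
    return struct.pack("!BBHHHBBH4s4s", *fields)


def parse_echo_packet(packet: bytes) -> dict:
    """Decode an IPv4+ICMP echo packet and return the two IDs side by side.
    Raises ValueError if either checksum is wrong or the packet is not ICMP echo."""
    if len(packet) < IP_HDR_LEN + ICMP_HDR_LEN:
        raise ValueError("packet too short")
    ver_ihl, _tos, total_len, ip_id, _frag, ttl, proto, _ck, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:IP_HDR_LEN])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or proto != IPPROTO_ICMP:
        raise ValueError("not an IPv4 ICMP packet")
    if internet_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IP header checksum")
    icmp = packet[ihl:total_len]
    if internet_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    icmp_type, _code, _ck, icmp_id, icmp_seq = struct.unpack("!BBHHH", icmp[:ICMP_HDR_LEN])
    if icmp_type not in (ICMP_ECHO, ICMP_ECHOREPLY):
        raise ValueError("not an ICMP echo request/reply")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl,
            "ip_id": ip_id, "icmp_type": icmp_type, "icmp_id": icmp_id,
            "icmp_seq": icmp_seq, "payload": icmp[ICMP_HDR_LEN:]}


def ip_ids_look_sequential(ip_ids) -> bool:
    """True when every datagram ID is the previous one plus one (mod 2^16), the
    pattern the message says most stacks showed and OpenBSD replaced with random IDs."""
    ip_ids = list(ip_ids)
    return len(ip_ids) > 1 and all(
        (b - a) & 0xFFFF == 1 for a, b in zip(ip_ids, ip_ids[1:]))


def simulate_ping_burst(pid: int, count: int, first_ip_id: int, payload: bytes = b"") -> list:
    """Constructed sample (hypothetical helper): one process (ident = pid & 0xFFFF)
    sends `count` echo requests through a stack that increments the IP ID per datagram."""
    ident = pid & 0xFFFF
    packets = []
    for n in range(count):
        icmp = build_echo_request(ident, n, payload)
        ip = build_ipv4_header(first_ip_id + n, len(icmp), "192.0.2.1", "192.0.2.2")
        packets.append(ip + icmp)
    return packets


if __name__ == "__main__":
    burst = simulate_ping_burst(pid=4242, count=3, first_ip_id=1000, payload=b"ping")
    for pkt in burst:
        p = parse_echo_packet(pkt)
        print(f"ip_id={p['ip_id']:5d}  icmp_id={p['icmp_id']:5d}  icmp_seq={p['icmp_seq']}")
    print("IP IDs sequential:", ip_ids_look_sequential(parse_echo_packet(p)["ip_id"] for p in burst))
```

Running it prints three packets whose icmp_id stays at the sender's pid and whose icmp_seq counts 0, 1, 2 (the ntransmitted++ from ping.c), while ip_id advances 1000, 1001, 1002; only that last column is what the original poster was watching change, and only that column is what OpenBSD randomized.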