Knoppix and nessus
George Toft
plug-discuss@lists.plug.phoenix.az.us
Fri, 09 Aug 2002 07:34:34 -0400
I ran nessus against Knoppix last night and noted this:
. Warning found on port general/tcp
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host.
An attacker may use this feature to determine if the remote
host sent a packet in reply to another request. This may be
used for portscanning and other things.
Nessus scans against a SuSE box and a Red Hat box did not yield this
message. Is this characteristic of Debian or did Knopper make a mistake
in building his kernal?
George