03-10-2003 11:25 AM - edited 02-20-2020 10:36 PM
When I scan the interface ip address of a PIX (version 6.2.2.111) with Nessus, I'm shown a Security Issue Warning refering to non-random ip id values in the ip_id field in IP packets. Some research indicates that this can be used for:
stealth os fingerprinting
anti-spoofing rule discovery
stealth scanning
Does the PIX use non-random ip id values?
Is this something that I should be concerned about?
If not what defense does the PIX have against these exploits.
Thanks in advance,
D.Sax
03-10-2003 05:21 PM
These aren't exploits. Exploits are used to compromise a host. These are information discovery techniques.
03-11-2003 05:47 AM
My mistake, you're right, this is an information discovery technique not a vulnerability. I still have some questions though:
Does the PIX use non-random ip id values?
Should I be concerned about this?
How does the PIX respond to this type of reconnaissance technique?
Can I or do I have to configure the PIX to defend against being used for or subject to this type of discovery?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide