Nessus is saying something bogus to you.
> Is there some option to dynamically enable this random IP ID's, or I need to
> change something and recompile, or just "No way!"?
IP IDs only matter when packets can be fragmented. If the packet
cannot be fragmented, the IP ID field serves no purpose. Whatever the
Nessus thing did to test this, it used an IP packet to/from the Linux
box which had the "Don't Fragment" bit set in the IP header, which as
a consequence means the ID field is meaningless.
If the "don't fragment" bit were not set, and fragmentation was
possible, Linux will use a randomized ID field. The Nessus folks
need to fix their test.
Later,
David S. Miller
davem@redhat.com
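
Added example, not part of the original message and not code from Nessus or the kernel: a sketch of an IP ID predictability check that ignores packets with the "Don't Fragment" bit set, as the reply above says a correct test must. The function names, the `max_step` threshold and the sample headers are assumptions made for illustration.

```python
import struct

DF, MF, OFFSET_MASK = 0x4000, 0x2000, 0x1FFF  # IPv4 flags/fragment-offset word

def parse_ipv4(header: bytes) -> dict:
    """Extract the fields relevant to fragmentation from a raw IPv4 header."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _length, ident, flags_frag = struct.unpack("!BBHHH", header[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return {"id": ident, "df": bool(flags_frag & DF),
            "mf": bool(flags_frag & MF), "offset": flags_frag & OFFSET_MASK}

def classify_ip_id(headers, max_step=8):
    """Judge ID predictability using only packets that could be fragmented.

    max_step is an assumed heuristic: if every consecutive delta lies in
    1..max_step, the IDs are treated as a simple counter.
    """
    ids = [p["id"] for p in map(parse_ipv4, headers) if not p["df"]]
    if len(ids) < 3:
        # Only DF packets were sampled: the ID field is never used for
        # reassembly, so no finding should be reported.
        return "not-applicable"
    deltas = [(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])]
    return "predictable" if all(1 <= d <= max_step for d in deltas) else "non-sequential"

def make_header(ident: int, df: bool) -> bytes:
    """Build a constructed 20-byte sample header (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ident, DF if df else 0,
                       64, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))

# Constructed samples, not captured traffic.
DF_SAMPLES = [make_header(0, True) for _ in range(4)]
COUNTER_SAMPLES = [make_header(i, False) for i in (100, 101, 102, 103)]
RANDOM_SAMPLES = [make_header(i, False) for i in (0x1A2B, 0xC3D4, 0x0517, 0x9E60)]

if __name__ == "__main__":
    for name, samples in (("DF set", DF_SAMPLES), ("counter", COUNTER_SAMPLES),
                          ("scattered", RANDOM_SAMPLES)):
        print(name, "->", classify_ip_id(samples))
```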