Family: General --> Category: infos
Relative IP Identification number change Vulnerability Scan
Vulnerability Scan Summary
Relative IP Identification number change
Detailed Explanation for this Vulnerability Test
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host.
A possible hacker may use this feature to acertain traffic patterns
within your network. A few examples (not at all exhaustive) are:
1. A remote attacker can acertain if the remote host sent a packet
in reply to another request. Specifically, a possible hacker can use your
server as an unwilling participant in a blind portscan of another
2. A remote attacker can roughly acertain server requests at certain
times of the day. For instance, if the server is sending much more
traffic after business hours, the server may be a reverse proxy or
other remote access device. A possible hacker can use this information to
concentrate his/her efforts on the more critical machines.
3. A remote attacker can roughly estimate the number of requests that
a web server processes over a period of time.
Solution : Contact your vendor for a patch
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.