Old 05-08-2013, 01:05 PM   #1
LQ Newbie
Registered: May 2013
Posts: 1

UDP IP Identification - fingerprinting

I am trying to run a PCI compliancy check on my server but it is failing for one reason.

UDP constant IP Identification field reveals host type

Risk: High (3)
Port: 139/tcp
Protocol: tcp
Threat ID: misc_udpipidzero

Details: 10/01/09
CVE 2002-0510
When sending packets which are not fragmented, the UDP implementation in Linux kernels sets the
Identification field in the IP header to a constant
value, namely zero. This behavior, when observed by a
remote user, can be used to determine that the operating
system is Linux. Knowledge of a remote operating system
gives potential attackers a starting point for planning an attack.
Now I am not even sure why port 139 is setting it off, as I have set my iptables rules to explicitly drop both udp and tcp on port 139, but it doesn't matter. Here is the iptables rule I am using to block that port in case I am doing it wrong.
iptables -A INPUT -p tcp --dport 139 -j DROP
iptables -A INPUT -p udp --dport 139 -j DROP
Has anyone heard of this problem before? Is there a kernel patch or module to remove this behavior? I am running Debian on a 2.6.32-5 kernel. Google searches have turned up little. I am stuck up against a wall here. Any point in the right direction would be most helpful.
Old 05-09-2013, 02:25 PM   #2
Registered: May 2001
Posts: 29,371
Blog Entries: 55

Running a network vulnerability scanner on a target produces a lot of noise. See the vendor statement here: and the comment here:
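
The scanner finding quoted in the first post concerns the Identification field of the IPv4 header, which can be read directly from captured packets to confirm what the scanner saw. The following is an added example, not part of the original thread: it parses raw IPv4 headers and lists sources whose unfragmented UDP datagrams always carry the same IP ID. The function names and the sample packets (built inline, using documentation addresses) are constructed for illustration.

```python
import struct
from collections import defaultdict

UDP = 17  # IP protocol number for UDP

def parse_ipv4(pkt: bytes):
    """Return the IPv4 header fields relevant to the finding, or None if not IPv4."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return None
    ident, flags_frag = struct.unpack("!HH", pkt[4:8])
    return {
        "src": ".".join(str(b) for b in pkt[12:16]),
        "proto": pkt[9],
        "id": ident,
        # More Fragments bit set, or a non-zero fragment offset
        "fragmented": bool(flags_frag & 0x2000) or (flags_frag & 0x1FFF) != 0,
    }

def constant_ipid_sources(packets, min_samples=3):
    """Map each source whose unfragmented UDP datagrams all share one IP ID to that ID."""
    ids = defaultdict(list)
    for pkt in packets:
        h = parse_ipv4(pkt)
        if h and h["proto"] == UDP and not h["fragmented"]:
            ids[h["src"]].append(h["id"])
    return {src: seen[0] for src, seen in ids.items()
            if len(seen) >= min_samples and len(set(seen)) == 1}

def make_header(src, ident, flags_frag=0, proto=UDP):
    """Build a constructed 20-byte IPv4 header (checksum left at 0, not validated)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, ident, flags_frag, 64, proto, 0,
                       bytes(map(int, src.split("."))), bytes([192, 0, 2, 1]))

# Constructed sample traffic (RFC 5737 documentation addresses), not a real capture.
SAMPLE = (
    [make_header("198.51.100.10", 0) for _ in range(4)]               # ID always zero
    + [make_header("198.51.100.20", i) for i in (4121, 4122, 4123)]   # ID changes
    + [make_header("198.51.100.10", 7, proto=6)]                      # TCP, ignored
    + [make_header("198.51.100.30", 0, 0x2000) for _ in range(3)]     # fragments, ignored
)

if __name__ == "__main__":
    for src, ident in constant_ipid_sources(SAMPLE).items():
        print(f"{src}: unfragmented UDP always carries IP ID {ident}")
```
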


All times are GMT -5.