Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


Old 05-08-2013, 02:05 PM   #1
LQ Newbie
Registered: May 2013
Posts: 1

Rep: Reputation: Disabled
UDP IP Identification - fingerprinting

I am trying to run a PCI compliancy check on my server but it is failing for one reason.

UDP constant IP Identification field reveals host type

Risk: High (3)
Port: 139/tcp
Protocol: tcp
Threat ID: misc_udpipidzero

Details: 10/01/09
CVE 2002-0510
When sending packets which are not fragmented, the UDP implementation in Linux kernels sets the
Identification field in the IP header to a constant
value, namely zero. This behavior, when observed by a
remote user, can be used to determine that the operating
system is Linux. Knowledge of a remote operating system
gives potential attackers a starting point for planning an attack.
Now I am not even sure why port 139 is setting it off, as I have set my iptables rules to explicitly drop both udp and tcp on port 139, but it doesn't matter. Here is the iptables rule I am using to block that port in case I am doing it wrong.
iptables -A INPUT -p tcp --dport 139 -j DROP
iptables -A INPUT -p udp --dport 139 -j DROP
Has anyone heard of this problem before? Is there a kernel patch or module to remove this behavior? I am running Debian on a 2.6.32-5 kernel. Google searches have turned up little. I am stuck up against a wall here. Any point in the right direction would be most helpful.
Old 05-09-2013, 03:25 PM   #2
Registered: May 2001
Posts: 29,361
Blog Entries: 55

Rep: Reputation: 3547
Running a network vulnerability scanner on a target produces a lot of noise. See the vendor statement here: and the comment here:
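
A defender-side way to check whether the finding quoted in post #1 really applies to a host, given as an added example that is not part of the thread: it decodes the IPv4 Identification field from captured packets and reports whether every unfragmented UDP packet carries ID zero. The function names, addresses and packet bytes are constructed for illustration.

```python
import struct

UDP = 17  # IANA protocol number for UDP

def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the first 12 bytes of an IPv4 header (RFC 791 layout)."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _length, ident, flags_frag, _ttl, proto, _csum = struct.unpack(
        "!BBHHHBBH", pkt[:12])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return {"id": ident, "proto": proto,
            "df": bool(flags_frag & 0x4000),      # Don't Fragment
            "mf": bool(flags_frag & 0x2000),      # More Fragments
            "frag_offset": flags_frag & 0x1FFF}

def udp_ipid_values(packets):
    """Identification values of the unfragmented UDP packets in a capture."""
    ids = []
    for pkt in packets:
        h = parse_ipv4_header(pkt)
        if h["proto"] == UDP and not h["mf"] and h["frag_offset"] == 0:
            ids.append(h["id"])
    return ids

def has_constant_zero_ipid(packets, min_samples=3):
    """True only if enough unfragmented UDP packets were seen and all had ID 0."""
    ids = udp_ipid_values(packets)
    return len(ids) >= min_samples and all(i == 0 for i in ids)

def build_header(ident, proto, df=True):
    """Constructed 20-byte header for the samples below (checksum left at 0)."""
    src, dst = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])  # TEST-NET-1
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, ident,
                       0x4000 if df else 0, 64, proto, 0, src, dst)

# Constructed captures, not taken from the thread.
ZERO_ID_CAPTURE = [build_header(0, UDP) for _ in range(4)] + [build_header(0x1A2B, 6)]
VARYING_ID_CAPTURE = [build_header(i, UDP, df=False) for i in (0x3C01, 0x3C02, 0x3C05)]

if __name__ == "__main__":
    for name, cap in (("zero-id", ZERO_ID_CAPTURE), ("varying-id", VARYING_ID_CAPTURE)):
        print(name, udp_ipid_values(cap), has_constant_zero_ipid(cap))
```

To use it on real traffic, pass in the IP-layer bytes of packets the server itself sent, since the Identification value is chosen by the sender.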



All times are GMT -5. The time now is 05:37 AM.
