Nessus reports non-random IP ID on Fedora Core 2
After a very long time, I decided to point the nessus scanners on my system... I was surprised to see nessus come up with this ..
Quote:
Scanned Win2K and this problem was detected. Unfortunately I do not have a FC1 on my network. Scanned Slackware 10 (2.4 kernel) and it did not come up with this problem. did some "googling" and found some SuSE reports dated 2001. Is this problem new to 2.6 kernels? My config is FC2, all patches current ( upto the minute :D ) Update 01: Found a FC1 upgraded to FC2 ... still running the 2.4 kernel and nessus did not report the above problem. Update 02: Ignore update 01. IPtables was running on the scanned system. The kernel was 2.6.5. Scanned again after disabling iptables. Surprisingly the "non-random IP ID" problem was not detected. Update 03: Scanned another FC2 system running 2.6.6 kernel and this problem was not detected. Update 04: Upgraded a FC2 system to latest kernel 2.6.7 and this problem was not detected. Something to do with my system??? |
I observed this behavior as well. I'm not sure if there is a bug in Nessus or truely a problem with Fedora's TCP/IP stack. I was going to re-run the Nessus check with only that test this weekend and try and get a tcpdump of the session in order to see if the IP ID's are truely non-random. If you want to do it, I'd be interested to see the output. Probably can get a bug report out of it.
|
Some more information:
Nessus version 2.0.12 Nessusd running on Slackware 10 kernel2.4 (patches current). My system has no listening processes. (cups listening only on local interface). Am running Folding@home (FAH) client, Mozilla, Firefox,Evolution, Gnome, cifs mounted WinShares, gaim ... I will run another nessus test after stopping the FAH client (once it finishes it current task). |
as I had expected, running a nessus scan without FAH Client running didn't make any difference. Nessus still reports non-random IP IDs ... only on my FC2 ... perhaps I need to get another FC2 ready, bring it up to the current patch level and run a scan on it.
|
All times are GMT -5. The time now is 01:07 PM. |