UDP Constant IP Identification Field Fingerprinting Vulnerability

[laurah]

Hi all,

Can someone help me to check if these vulnerabilities exist on various hosts? basically the IP_ID=0 and I need to construct a UDP packet to send while setting this ID to 0.

Does anyone have any ideas on how to do this? I have been looking at a few tools like hping/xprobe2 etc but I don't think they have what I'm looking for.

This is a Qualys result. Let me know if anyone has a clue about this
Thanks.

[ajohnson]

Scapy: http://www.secdev.org/projects/scapy/

Maybe PackETH if you prefer a GUI.
Linux: http://packeth.sourceforge.net/
Windows Port: http://eth.cyberine.com/

[laurah]

Thanks mate will try those now

[ajohnson]

I should have mentioned that you need to be familiar with Python in order to use Scapy. If you aren't, it looks like PackETH can generate the traffic you need.

[laurah]

hi ya, that's fine, both look like good tools. Is there a way of setting the id header of the IP to 0?
I'm just looking to do this for the UDP packet involved.
Any help would be appreciated!

[MaXe]

There's no ID Header field in UDP packets:
http://www.trainsignal.com/blog/networking-basics-tcp-udp-tcpip-osi-models

There is however, such a field in IPv4:
http://en.wikipedia.org/wiki/IPv4#Header

What this means is, it doesn't matter if you use TCP or UDP to set the IP ID, but I do suggest without any offense intended, that you read up on TCP/IP basics.

NMAP checks the IP ID automatically for you btw and I strongly suggest you start using that if you don't and perhaps only use automated tools.

[laurah]

No offence taken, although I've been reading about TCP/IP for years Thanks for your advice, I use Nmap quite regularly.
Thanks alsot