IP Identification - "Idlescan"

Alan Kennington ak.linuxsa at topology.org
Tue May 27 06:13:52 CST 2003

On Mon, May 26, 2003 at 10:45:53AM +0930, Mark Newton wrote:
> Building on last week's thread about sequential IP-ID numbers:  
> http://www.insecure.org/nmap/idlescan.html


At the risk of beating a dead horse, the linux "static IP ID" issue
has settled down and reached consensus in the ROHC mailing list.
The consensus is that compression of the linux static IP ID is not
important enough to justify an RFC update in itself. This update will
wait until there are more important matters that need to be updated.
They don't care if linux is right or wrong relative to RFC 791.
The ROHC people can see (like anyone else) that the linux interpretation
of RFC 791 may be judged as either right or wrong, depending on
whether you read RFC 791 literally or according to your interpretation
of its intent. (And I guess your interpretation depends on which team
you barrack for. Personally I believe that demonstrating a benefit from
breaking a law is a weak excuse for breaking a law. Beneficial outcomes
from breaking a law do not demonstrate that one's actions are lawful.
However, I don't argue that legality and goodness are co-extensive.)

A consequence of this is that for the next few years, linux originating
and terminating voice/video over IP traffic to/from G3 and G2.5 mobile
units will have an extra 2 bytes per packet which will be filled by zeros.

Another thing I could mention on this topic is that while doing my own
ROHC implementation, I've found that there is additional superfluous
overhead in linux originated/terminated VoIP (and video/IP) traffic
when compressed with ROHC which occurs when the TTL is frequently varying,
for example when there are 2 or more alternative paths between IP hosts.
It turns out that the linux static IP ID interacts badly with the ROHC protocol
in this case too, costing 3 extra bytes in about 50% of packet headers.
ROHC is blameworthy here. (The details are too complex for a linuxSA post...)

Alan Kennington.

PS. For those innocent bystanders who may be flummoxed by the term "ROHC",
it's RObust Header Compression, which is a sequence of IETF RFCs and
cellular mobile link layer adaptation standards which will be used
for the compression of all integrated IP traffic over 3G (and some or
all 2.5G) mobile telephony links. My links are here:
In view of the rise of linux as an OS for PDAs which are also mobile
IP terminals, the matter has some relevance to the future of linux
in such environments - both in the marketing sense of being savaged by
the opposition for being ROHC-unfriendly, and in the engineering sense
that PDA designers should be thinking about removing the static IP ID
for IP traffic out of G3-enabled linux PDAs. Luckily, the availability
of source permits linux PDA designers to do this!

My impression of the progress of 3G is that it is definitely starting to 
happen, after a glacial start. Apparently it's taking off in Italy
- and the Isle of Man?? Does anyone have concrete news on the progress of
3G in Australia? And can you get linux-based 3G phones already?
I really can't be bothered to look this up in the Google encyclopedia.
What I want for Xmas is a Zaurus SL-xxxx linux PDA with 3G and a few working 
base stations in Adelaide. I bet Adelaide gets 3G after everyone else.
