patch-linux-m1 is a Linux kernel patch that randomizes IP id numbers to disallow IP id portscan. It's not fool-proof, it only randomizes 8 bits out of a total of 16 bits to avoid reusing ip ids to soon. What this means is that it takes 256 (or 255 if port was open) packets per port to a host with this patch rather than 1 packet. Given that packets can (and are) lost now and then on that horrible Internet it's even safer than it sounds.
· Can be turned off at compile and runtime (/proc/sys/net/ipv4/ip_random_id)
· Should work on all architectures.
· Not needed for 2.4.x since it has a better system for ip id randomness.
· I ran this on ftp.habets.pp.se for 180 days straight, after which the UPS failed which caused downtime. So it's stable.
Product's homepage
Requirements:
· Linux kernel 2.2.x
Find us on Google+
