[tor-relays] FreeBSD's global IP ID (was: Platform diversity in Tor network)

Philipp Winter phw at nymity.ch
Thu Nov 6 13:52:28 UTC 2014


On Wed, Nov 05, 2014 at 04:04:41AM -0500, grarpamp wrote:
>  173 FreeBSD

FreeBSD still seems to use globally incrementing IP IDs by default.
That's an issue as it leaks fine-grained information about how many
packets a relay's networking stack processes.  (However, nobody
investigated the exact impact on Tor relays so far, which makes this a
FUD-heavy topic.) It looks like approximately 50 out of the 131 FreeBSD
relays I tested (38%) use global IP IDs.

There's a sysctl variable called "net.inet.ip.random_id" which makes
FreeBSD's IP ID behaviour random.  FreeBSD relay operators should set
this to "1".

Note that this issue was already discussed earlier this year in a thread
called "Lots of tor relays send out sequential IP IDs; please fix
that!".

Cheers,
Philipp
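
Added example, not part of the original message: a relay operator who has set net.inet.ip.random_id can check the effect by classifying the IP IDs of packets their own relay sent, in order, as read from a packet capture. The function names, the max_step threshold and both sample ID lists are constructed for illustration.

```python
"""Classify IP ID behaviour from the IDs of packets one host sent, in order."""

MOD = 1 << 16  # the IPv4 Identification field is 16 bits wide

# Constructed samples (not real captures): IDs seen in six packets from one host.
GLOBAL_COUNTER = [65480, 65497, 65521, 3, 41, 60]      # wraps past 65535
RANDOMIZED = [51234, 1207, 33980, 60011, 742, 28455]


def deltas(ip_ids):
    """Forward differences between consecutive IDs, with 16-bit wraparound."""
    return [(b - a) % MOD for a, b in zip(ip_ids, ip_ids[1:])]


def classify(ip_ids, max_step=1000, min_samples=5):
    """Return 'sequential', 'constant', 'random' or 'insufficient'.

    max_step is an assumed upper bound on how many packets the host sends
    between two sampled packets; raise it for long sampling intervals.
    """
    if len(ip_ids) < min_samples:
        return "insufficient"
    d = deltas(ip_ids)
    if all(x == 0 for x in d):
        return "constant"
    # A global counter only moves forward, by the number of packets sent.
    if all(0 < x <= max_step for x in d):
        return "sequential"
    return "random"


def packets_since_previous(ip_ids):
    """With a global counter, each delta equals the number of packets the
    stack emitted since the previous sample: the leak described above."""
    if classify(ip_ids) != "sequential":
        return None
    return deltas(ip_ids)


if __name__ == "__main__":
    for name, ids in (("before", GLOBAL_COUNTER), ("after", RANDOMIZED)):
        print(name, classify(ids), packets_since_previous(ids))
```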

