Benefits and risks with Random ID Generation?
-
Hi all
I would like to discuss the pros and cons of this feature: what does it really do, why is it good, and when is it a possible problem to use this function?
https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html?highlight=random%20id#ip-random-id-generation
-
@esnakk said in Benefits and risks with Random ID Generation?:
https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html?highlight=random%20id#ip-random-id-generation
If I'm understanding the link correctly, it's a fairly standard thing. Basically in the IP header there are some values (sequence numbers plus others) that can be used to make a guess at the sending OS. That feature simply randomizes things.
Think of it as the "random PID" option that FreeBSD and others have.
-
Yeah it's this: https://www.freebsd.org/cgi/man.cgi?query=pf.conf#TRAFFIC%09NORMALIZATION
Though there's no more info there. I've never seen it cause a problem.
Steve
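-
As an added example (not written by any poster in this thread and not pfSense code): a short Python check of whether a series of IP ID values from one sender looks counter-driven or randomized, which is one way to confirm from captures on each side of the firewall that the option is having an effect. The sample values are constructed, and the `max_step` and `threshold` heuristics are assumptions of this example.

```python
"""Classify a sender's observed IPv4 Identification values (added example)."""


def ipid_deltas(ids):
    """Forward differences modulo 2**16, so a counter wrap (65535 -> 0) stays small."""
    return [(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])]


def classify_ipid(ids, max_step=256, threshold=0.9):
    """Return 'constant', 'incremental' or 'randomized' for one sender's IDs.

    max_step and threshold are heuristic values chosen for this example,
    not values taken from pf or pfSense.
    """
    if len(ids) < 8:
        raise ValueError("need at least 8 samples from the same sender")
    deltas = ipid_deltas(ids)
    if all(d == 0 for d in deltas):
        return "constant"
    # A counter-driven stack advances by small positive steps between packets.
    small = sum(1 for d in deltas if 0 < d <= max_step)
    if small / len(deltas) >= threshold:
        return "incremental"
    return "randomized"


# Constructed sample: IDs as seen on the LAN side, from a host using a counter
# (includes a 16-bit wrap-around).
LAN_SIDE = [65530, 65531, 65533, 65534, 65535, 0, 2, 3, 5, 6]

# Constructed sample: IDs of the same flow as seen on the WAN side after
# the firewall has rewritten them.
WAN_SIDE = [0x3A1F, 0xC402, 0x0B77, 0xE9D0, 0x51AC,
            0x9E13, 0x2266, 0xF805, 0x6D4B, 0x17E8]

if __name__ == "__main__":
    print("LAN side:", classify_ipid(LAN_SIDE))
    print("WAN side:", classify_ipid(WAN_SIDE))
```

Per the pf.conf man page linked above, `random-id` only applies to packets that are not fragmented after the optional reassembly, so fragments should be excluded from the samples.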