

I’ve been running Nessus 2.08a scans against our Cisco PIX firewalls (running v6.3(1) PIX OS) and am getting Nessus ID: 10201 “The remote host uses non-random IP IDs, that is, it is possible to predict the next value of the ip_id field of the ip packets sent by this host.” – even though the PIX is supposed to randomize the IP IDs. I have verified the PIXes do not have the norandomseq command in their configurations. Anyone have any ideas why this is coming up? Is it a false positive or perhaps a PIX or Nessus bug?




P.S. I did see the response to Eric’s question about non-random IPs on 10-03-2003 where the responder states that the PIX is supposed to randomize the sequence of the IDs.



Mark F. Ewert, Principal Systems Architect

Integrated Healthcare Information Services

