HTTP/2 302 date: Sat, 11 Oct 2025 20:50:52 GMT content-type: text/html; charset=utf-8 content-length: 0 vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With access-control-allow-origin: location: https://raw.githubusercontent.com/antirez/hping/master/docs/MORE-FUN-WITH-IPID cache-control: no-cache strict-transport-security: max-age=31536000; includeSubdomains; preload x-frame-options: deny x-content-type-options: nosniff x-xss-protection: 0 referrer-policy: no-referrer-when-downgrade content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com github.githubassets.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com wss://alive-staging.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com marketplace-screenshots.githubusercontent.com/ copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/ server: github.com x-github-request-id: BF9A:E3EA6:A122AE:D3F736:68EAC32C HTTP/2 200 cache-control: max-age=300 content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox content-type: text/plain; charset=utf-8 etag: W/"a0b663bc16f7a491826dfee47977551af0872b87a7f27f5eac910cf18ad16912" strict-transport-security: max-age=31536000 x-content-type-options: nosniff x-frame-options: deny x-xss-protection: 1; mode=block x-github-request-id: CD9E:8C75B:1776B0:3B1056:68EAC32C content-encoding: gzip accept-ranges: bytes date: Sat, 11 Oct 2025 20:50:53 GMT via: 1.1 varnish x-served-by: cache-bom-vanm7210084-BOM x-cache: MISS x-cache-hits: 0 x-timer: S1760215853.883296,VS0,VE333 vary: Authorization,Accept-Encoding access-control-allow-origin: * cross-origin-resource-policy: cross-origin x-fastly-request-id: 175b423149d7daeec4f56e4781784b7b1ab39648 expires: Sat, 11 Oct 2025 20:55:53 GMT source-age: 0 content-length: 726 Posted to bugtraq mailing list (20 Nov 1999): --- Hi, some little new ideas about IP ID issue: The first is about linux firewalling: since it increase IP ID global counter even if an outgoing packet will be filtered we are able, for example, to scan UDP ports even if ICMP type 3 output is DENY, and in general it is possibleto know when TCP/IP stack reply a packet even if the reply is dropped. I think (but not tested) that this is true for almost all firewalls. The second issue concern the ability to uncover firewall rules. For example it is travial to know if host A filter packets from the IP X.Y.Z.W monitoring IP ID incresing of host A or host with X.Y.Z.W address (this changes if we are interested to know input or output rules) and sending packets that suppose some reply. Also this is related with the ability to scan the ports of hosts that drop all packets with a source different than host.trusted.com. There are others stuff like this but they are only different faces of the same concepts. Some people thinks that this kind of attacks isn't a "real world" attacks, I'm strongly interested to know what's bugtraq readers opinion (IMO this kind of attacks are feasible and usefull for an attacker. For exaple the ability to scan the ports with only spoofed packets and the ability to guess remote hosts traffic are a lot real). ciao, antirez