A Taxonomy and Comparative Analysis of IPv4 Identifier Selection Correctness, Security, and Performance
For network security researchers and OS developers, this work provides a systematic taxonomy and comparative analysis to guide secure IPID selection, though it is an incremental synthesis of known exploits and methods.
This paper taxonomizes 25 years of IPv4 Identifier (IPID) exploits and selection methods, mathematically analyzing correctness and security while empirically evaluating performance. It reveals best practices and shortcomings in current OS implementations, emphasizing the value of systematic evaluations in network security.
The battle for a more secure Internet is waged on many fronts, including the most basic of networking protocols. Our focus is the IPv4 Identifier (IPID), an IPv4 header field as old as the Internet with an equally long history as an exploited side channel for scanning network properties, inferring off-path connections, and poisoning DNS caches. This article taxonomizes the 25-year history of IPID-based exploits and the corresponding changes to IPID selection methods. By mathematically analyzing these methods' correctness and security and empirically evaluating their performance, we reveal recommendations for best practice as well as shortcomings of current operating system implementations, emphasizing the value of systematic evaluations in network security.