Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Non-random IP IDS (Nessus)

I was running some scans against some of my pix 515's and 2651 routers with Nessus (, and it told me the following text:

general/tcp (Security warning found)

"The remote host uses non-random IP IDs, that is, it is

possible to predict the next value of the ip_id field of

the ip packets sent by this host.

An attacker may use this feature to determine if the remote

host sent a packet in reply to another request. This may be

used for portscanning and other things.

Solution : Contact your vendor for a patch

Risk factor : Low"

What does this mean? and is this something that I should be concerned about?


Rose Miller

Cisco Employee

Re: Non-random IP IDS (Nessus)

I've never heard of an attack or anything else using this. As Nessus says, the "Risk factor: Low".

If it can only be used for port scans, and to be honest I can't see how it would help in that either, then there is little risk, since the PIX should only be configured to allow through specific ports anyway. Make sure you have your internal servers up to date with all software patches, etc, and only allow through those specific ports that need to be let through.

If you want to see if someone is port scanning your network, which can be a prelude to a more serious attack, then you can get an IDS system.