going off on a tangent despite this being a really cool paper (sorry :)). There was another one on the topic (just a few days ago) by Amit Klein / Benny Pinkas: From IP ID to Device ID and KASLR Bypass (Extended Version): https://arxiv.org/abs/1906.10478
This IP ID leak affects Windows, Linux (and Android) and allows fingerprinting across the network (no need for a browser), e.g. if you were to switch to a different network etc. Onion routing (Tor) isn't affected, but a MITM could track individual machines behind NAT or bust you through a VPN etc.
They reverse engineered a per-host random seed from network traffic on Windows and Linux, allowing fingerprinting, and, more surprisingly, turned this into a KASLR break on Linux.
Linux implementation of (K)ASLR seems to have been a source of controversy for some time. grsecurity[¹] has been raving about this for years: grsec: "KASLR: An Exercise in Cargo Cult Security" https://grsecurity.net/kaslr_an_exercise_in_cargo_cult_secur...
Most Linux servers are hopefully patched by now. Android phones, or Android-based WiFi/4G routers etc., probably not so much.
Patch submitted by Amit Klein to LKML: "inet: update the IP ID generation algorithm to higher standards": https://lkml.org/lkml/2019/4/24/1717
___
Edit:
see here: https://flak.tedunangst.com/post/random-ip-id-comments