tech-net archive
Re: randomize source port
On Fri, 11 Jul 2008 11:00:21 -0500 (CDT)
"Jeremy C. Reed" <reed%reedmedia.net@localhost> wrote:
> As a quick test, I did the following:
>
> --- in_pcb.c 5 May 2008 17:11:17 -0000 1.125
> +++ in_pcb.c 11 Jul 2008 15:33:49 -0000
> @@ -332,6 +332,8 @@
> mymax = swp;
> }
>
> + *lastport = mymax - (arc4random() % (mymax - mymin));
> +
> lport = *lastport - 1;
> for (cnt = mymax - mymin + 1; cnt; cnt--, lport--) {
> if (lport < mymin || lport > mymax)
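Review bot: the random start in `+ *lastport = mymax - (arc4random() % (mymax - mymin));` is drawn from only mymax - mymin values, while the loop below walks `cnt = mymax - mymin + 1` ports, so mymin can never be the starting point, and if mymax == mymin the modulus is zero. `arc4random() % (mymax - mymin + 1)` covers the whole range and keeps the divisor non-zero. Separately, `arc4random() % n` is biased toward the low residues whenever n does not divide 2^32; for a port range the bias is small, but a rejection loop (or a bias-free helper if the kernel provides one) removes it. Worth a comment too: the scan is still sequential downward from the random start, so ports just above a busy cluster are chosen more often than free ports elsewhere.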
>
>
How easy would it be to do a timing test? For example, assume a simple
program that just counted how many UDP ports it could bind to in ten
seconds? I expect some impact, but not a big one; arc4 is very cheap,
but measurement is always good.
More seriously -- when at boot time does urandom have enough entropy to
seed the PRNG? I've had problems on some server systems with things
like that.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
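An added example, not code from the thread, giving a crude form of the timing test suggested above: it binds UDP sockets to port 0 on the loopback address for a fixed interval, so the kernel runs its ephemeral-port selection on every iteration, and reports the bind rate together with the spread of ports handed out. `measure_udp_binds` and `bind_stats` are names chosen here.

```c
/* Added example (not from the thread): measure how many UDP binds to
 * port 0 the kernel completes in a fixed interval. Each bind exercises
 * the ephemeral-port selection, so a costlier PRNG shows up as a lower
 * rate; the observed port range hints whether randomization is active. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

struct bind_stats {
    long binds;            /* successful bind() calls in the interval */
    int  lowest, highest;  /* range of ephemeral ports observed */
    long elapsed_ms;
};

static long now_ms(void) {
    struct timeval tv;
    gettimeofday(&tv, NULL);
    return tv.tv_sec * 1000L + tv.tv_usec / 1000;
}

/* Loop for duration_ms; returns 0 on success, -1 if no socket could be
 * created at all (e.g. socket access denied in a sandbox). */
int measure_udp_binds(long duration_ms, struct bind_stats *st) {
    struct sockaddr_in sa = { .sin_family = AF_INET };
    long start = now_ms();
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    st->binds = 0; st->lowest = 65536; st->highest = 0;
    while (now_ms() - start < duration_ms) {
        int fd = socket(AF_INET, SOCK_DGRAM, 0);
        socklen_t len = sizeof sa;
        if (fd < 0) return -1;
        sa.sin_port = 0;                 /* let the kernel pick a port */
        if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0 &&
            getsockname(fd, (struct sockaddr *)&sa, &len) == 0) {
            int p = ntohs(sa.sin_port);
            st->binds++;
            if (p < st->lowest) st->lowest = p;
            if (p > st->highest) st->highest = p;
        }
        close(fd);                       /* release the port again */
    }
    st->elapsed_ms = now_ms() - start;
    return 0;
}

int main(void) {
    struct bind_stats st;
    if (measure_udp_binds(2000, &st) < 0) { perror("socket"); return 1; }
    printf("%ld binds in %ld ms (%.0f/s), ports %d..%d\n", st.binds,
           st.elapsed_ms, st.binds * 1000.0 / st.elapsed_ms, st.lowest, st.highest);
    return 0;
}
```

Run it once on a kernel with the sequential allocator and once with the randomized one and compare the two rates.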