tech-net archive


Re: randomize source port



On Fri, 11 Jul 2008 18:22:45 +0200
Joerg Sonnenberger <joerg%britannica.bec.de@localhost> wrote:

> On Fri, Jul 11, 2008 at 11:00:21AM -0500, Jeremy C. Reed wrote:
> > As a quick test, I did the following:
> 
> I'm not sure if directly randomising the port is a good idea.
> I think it should at least be a random shuffle for the same reason
> that the TCP sequence numbers are not using a direct PRNG.

I don't see the similarity.  For sequence numbers, there's a
requirement in the RFC for a 4 microsecond counter; there's also
analysis concerning defense against old packets lying around the
network.

The possible issue here is consecutive use of the same port number; I
don't think it's a real concern.

> Note that
> a random shuffle also avoids most of the motivation for moving to
> sequential numbers, at least if short-lived connections are
> concerned.
> 
I don't understand.



                --Steve Bellovin, http://www.cs.columbia.edu/~smb
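An added illustration of the two strategies debated above (this is example code written for this archive page, not code from the thread or from any BSD network stack): it picks source ports either by direct PRNG choice or by walking a random shuffle of the range, then counts how often a port is reused within a window of recent picks, which is the "consecutive use" / "old packets lying around" concern. It assumes the IANA dynamic range 49152-65535 and measures the window in picks rather than in time.

```python
import random

# Assumed for this illustration: the IANA dynamic/ephemeral port range.
PORT_LO, PORT_HI = 49152, 65535
NPORTS = PORT_HI - PORT_LO + 1


def direct_random_ports(n, seed=0):
    """Direct PRNG choice: every pick is independent and uniform."""
    rng = random.Random(seed)
    return [rng.randrange(PORT_LO, PORT_HI + 1) for _ in range(n)]


def shuffled_ports(n, seed=0):
    """Random shuffle: walk a random permutation of the whole range and
    reshuffle only when it is exhausted, so no port repeats within a pass."""
    rng = random.Random(seed)
    out = []
    while len(out) < n:
        perm = list(range(PORT_LO, PORT_HI + 1))
        rng.shuffle(perm)
        out.extend(perm[:n - len(out)])
    return out


def reuse_within_window(ports, window):
    """Count picks that repeat a port used within the previous `window`
    picks, i.e. a port whose earlier connection may still have segments
    lying around in the network (window=1 is the consecutive-reuse case)."""
    last_seen = {}
    hits = 0
    for i, p in enumerate(ports):
        if p in last_seen and i - last_seen[p] <= window:
            hits += 1
        last_seen[p] = i
    return hits


def compare(n=100000, window=1000, seed=0):
    """Reuse counts for both strategies over n picks, plus the rough
    expectation for direct choice (about window/NPORTS per pick)."""
    return {
        "direct": reuse_within_window(direct_random_ports(n, seed), window),
        "shuffled": reuse_within_window(shuffled_ports(n, seed), window),
        "direct_expected": round(n * window / NPORTS),
    }


if __name__ == "__main__":
    print(compare())
```

With the defaults, direct choice reuses a recent port roughly window/NPORTS of the time (a few thousand hits per 100000 picks), while the shuffle only reuses across pass boundaries; whether that residual rate matters for short-lived connections is exactly the judgement call the thread is arguing about.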

