Re: randomize source port
On Fri, 11 Jul 2008 18:22:45 +0200
Joerg Sonnenberger <joerg%britannica.bec.de@localhost> wrote:
> On Fri, Jul 11, 2008 at 11:00:21AM -0500, Jeremy C. Reed wrote:
> > As a quick test, I did the following:
>
> I'm not sure if directly randomising the port is a good idea.
> I think it should at least be a random shuffle for the same reason
> that the TCP sequence numbers are not using a direct PRNG.
I don't see the similarity. For sequence numbers, there's a
requirement in the RFC for a 4 microsecond counter; there's also
analysis concerning defense against old packets lying around the
network.
The possible issue here is consecutive use of the same port number; I
don't think it's a real concern.
> Note that
> a random shuffle also avoids most of the motivation for moving to
> sequential numbers, at least if short-lived connections are
> concerned.
>
I don't understand.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
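The shuffle-versus-direct-draw question in the quoted exchange can be made concrete with a small simulation. This is an added example, not code from the thread or from NetBSD; it assumes the IANA dynamic port range and uses Python's random.shuffle as the Fisher-Yates permutation, and the allocator class names are hypothetical.

```python
import random

# Assumed ephemeral range (IANA dynamic ports); a kernel's real range may differ.
PORT_LO, PORT_HI = 49152, 65535
RANGE_SIZE = PORT_HI - PORT_LO + 1

class DirectRandomAllocator:
    """Draw every port independently from the PRNG (the 'direct' scheme)."""
    def __init__(self, rng):
        self.rng = rng
    def next_port(self):
        return self.rng.randint(PORT_LO, PORT_HI)

class ShuffleAllocator:
    """Walk a Fisher-Yates permutation of the range; reshuffle only when exhausted.
    Within one pass no port can repeat, which is what the shuffle argument relies on."""
    def __init__(self, rng):
        self.rng = rng
        self.order, self.pos = [], 0
    def next_port(self):
        if self.pos >= len(self.order):
            self.order = list(range(PORT_LO, PORT_HI + 1))
            self.rng.shuffle(self.order)   # random.shuffle is Fisher-Yates
            self.pos = 0
        port = self.order[self.pos]
        self.pos += 1
        return port

def count_repeats(alloc, n, window):
    """Count picks that reuse a port seen among the previous `window` picks."""
    recent, repeats = [], 0
    for _ in range(n):
        port = alloc.next_port()
        if port in recent:
            repeats += 1
        recent.append(port)
        if len(recent) > window:
            recent.pop(0)
    return repeats

def compare(seed, n, window):
    """Run both schemes from the same seed; return repeat counts per scheme."""
    direct = DirectRandomAllocator(random.Random(seed))
    shuffled = ShuffleAllocator(random.Random(seed))
    return {"direct": count_repeats(direct, n, window),
            "shuffle": count_repeats(shuffled, n, window)}
```

Over one full pass of the range with a 64-pick window, the shuffle reports 0 repeats by construction, while the direct draw reports on the order of 64; that count is the consecutive-reuse effect the reply above judges not to be a real concern.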