tech-net archive
Re: randomize source port
On Fri, Jul 11, 2008 at 12:46:24PM -0400, Steven M. Bellovin wrote:
> On Fri, 11 Jul 2008 18:22:45 +0200
> Joerg Sonnenberger <joerg%britannica.bec.de@localhost> wrote:
>
> > On Fri, Jul 11, 2008 at 11:00:21AM -0500, Jeremy C. Reed wrote:
> > > As a quick test, I did the following:
> >
> > I'm not sure if directly randomising the port is a good idea.
> > I think it should at least be a random shuffle for the same reason
> > that the TCP sequence numbers are not using a direct PRNG.
>
> I don't see the similarity. For sequence numbers, there's a
> requirement in the RFC for a 4 microsecond counter; there's also
> analysis concerning defense against old packets lying around the
> network.
Reusing the port number early increases both the chance of a collision
with an existing port and the chance that you can still hit the query id
case (for the special case of DNS).
Joerg
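The reuse argument above, as an added illustration that is not part of the thread: the two selection strategies side by side (independent draws versus walking a random permutation), with a constructed toy range of 100 ports instead of the real ephemeral range so the difference shows up quickly. The function names are my own.

```python
import random


def direct_random_ports(n, lo, hi, seed=0):
    """Draw n source ports independently from [lo, hi] (the 'direct PRNG' choice).
    Nothing stops a port from coming back while a query that used it is still outstanding."""
    rng = random.Random(seed)
    return [rng.randint(lo, hi) for _ in range(n)]


def shuffled_ports(n, lo, hi, seed=0):
    """Walk a random permutation of [lo, hi]: no port repeats until the range is used up.
    n may not exceed the range size, so the single-permutation guarantee holds."""
    ports = list(range(lo, hi + 1))
    if n > len(ports):
        raise ValueError("n exceeds the port range; reuse would be unavoidable")
    random.Random(seed).shuffle(ports)
    return ports[:n]


def earliest_reuse(seq):
    """Smallest distance (in picks) between two uses of the same port, or None if none repeats."""
    last, best = {}, None
    for i, p in enumerate(seq):
        if p in last and (best is None or i - last[p] < best):
            best = i - last[p]
        last[p] = i
    return best


def reuses_within_window(seq, window):
    """Count picks that reuse a port chosen within the previous `window` picks.
    With `window` set to the number of queries that may still be outstanding, each
    such pick is one where the source port adds nothing on top of the 16-bit query id."""
    recent, count = [], 0
    for p in seq:
        if p in recent:
            count += 1
        recent.append(p)
        if len(recent) > window:
            recent.pop(0)
    return count


if __name__ == "__main__":
    # Toy range (constructed): 100 ports, 10 queries outstanding at any time.
    direct = direct_random_ports(300, 1, 100, seed=1)
    shuffled = shuffled_ports(100, 1, 100, seed=1)
    print("direct:   earliest reuse", earliest_reuse(direct), "reuses in window", reuses_within_window(direct, 10))
    print("shuffled: earliest reuse", earliest_reuse(shuffled), "reuses in window", reuses_within_window(shuffled, 10))
```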