Re: Source port randomisation on NetBSD?

To: Stephane Bortzmeyer <stephane+netbsd%bortzmeyer.org@localhost>
Subject: Re: Source port randomisation on NetBSD?
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Mon, 25 Oct 2010 08:10:27 -0400

On Mon, Oct 25, 2010 at 02:07:03PM +0200, Stephane Bortzmeyer wrote:
> On Mon, Oct 25, 2010 at 01:55:27PM +0200,
>  Geert Hendrickx <ghen%telenet.be@localhost> wrote 
>  a message of 20 lines which said:
> 
> > You can use ipnat on an individual host as well (implementing "PAT",
> > or Port Address Translation, rather than NAT).
> 
> As a way of obfuscating the source port number, it seems a very
> baroque technique. 

It doesn't strike me as tremendously elegant, but neither does this
botch of a standards document.

> Certainly, choosing the source port number should be done by
> the kernel, not by a third-party.

Where did you get the idea that ipf was not in the kernel?

Thor

References:
- Re: Source port randomisation on NetBSD?
  - From: Stephane Bortzmeyer
- Re: Source port randomisation on NetBSD?
  - From: John Nemeth
- Re: Source port randomisation on NetBSD?
  - From: Stephane Bortzmeyer
- Re: Source port randomisation on NetBSD?
  - From: Geert Hendrickx
- Re: Source port randomisation on NetBSD?
  - From: Stephane Bortzmeyer

Prev by Date: Re: Source port randomisation on NetBSD?
Next by Date: Re: Source port randomisation on NetBSD?
Previous by Thread: Re: Source port randomisation on NetBSD?
Next by Thread: Re: Source port randomisation on NetBSD?
Indexes:

Home | Main Index | Thread Index | Old Index