tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: randomize source port

On Fri, Jul 11, 2008 at 12:46:24PM -0400, Steven M. Bellovin wrote:
> On Fri, 11 Jul 2008 18:22:45 +0200
> Joerg Sonnenberger <> wrote:
> > On Fri, Jul 11, 2008 at 11:00:21AM -0500, Jeremy C. Reed wrote:
> > > As a quick test, I did the following:
> > 
> > I'm not sure if directly randomising the port is a good idea.
> > I think it should at least be a random shuffle for the same reason
> > that the TCP sequence numbers are not using a direct PRNG.
> I don't see the similarity.  For sequence numbers, there's a
> requirement in the RFC for a 4 microsecond counter; there's also
> analysis concerning defense against old packets lying around the
> network.

Reusing the port number early increases both the chance of a collission
with an existing port and the chance that you can still hit the query id
case (for the special case of DNS).


Home | Main Index | Thread Index | Old Index