tech-net archive


Re: Source port randomisation on NetBSD?



On Sun, Oct 24, 2010 at 03:56:12PM +0200, Stephane Bortzmeyer wrote:
> Hello (and please copy me when replying, I'm not a subscriber of this
> mailing list.)
> 
> The Internet-Draft "Transport Protocol Port Randomization
> Recommendations" will be published as an RFC in a few days. Its current
> state is AUTH48, last reading before publication,
> <http://www.rfc-editor.org/queue.html#draft-ietf-tsvwg-port-randomization>.
> 
> It discusses at length the implementation of port randomization for all
> the free Unices and NetBSD is mentioned as the only one without this
> feature (Linux, FreeBSD, OpenBSD and OpenSolaris all have it). Why is it
> so? Why not use the FreeBSD code?


ipfilter/ipnat can do source port randomisation on NetBSD (since the
Kaminsky DNS issue).


        Geert


-- 
Geert Hendrickx  -=-  ghen%telenet.be@localhost  -=-  PGP: 0xC4BB9E9F
This e-mail was composed using 100% recycled spam messages!

