tech-net archive


Re: Source port randomisation on NetBSD?



On Mon, Oct 25, 2010 at 02:07:03PM +0200, Stephane Bortzmeyer wrote:
> On Mon, Oct 25, 2010 at 01:55:27PM +0200,
>  Geert Hendrickx <ghen%telenet.be@localhost> wrote 
>  a message of 20 lines which said:
> 
> > You can use ipnat on an individual host as well (implementing "PAT",
> > or Port Address Translation, rather than NAT).
> 
> As a way of obfuscating the source port number, it seems a very
> baroque technique. 

It doesn't strike me as tremendously elegant, but neither does this
botch of a standards document.

> Certainly, choosing the source port number should be done by
> the kernel, not by a third-party.

Where did you get the idea that ipf was not in the kernel?

Thor

