tech-net archive
Re: Source port randomisation on NetBSD?
On Mon, Oct 25, 2010 at 02:07:03PM +0200, Stephane Bortzmeyer wrote:
> On Mon, Oct 25, 2010 at 01:55:27PM +0200,
> Geert Hendrickx <ghen%telenet.be@localhost> wrote
> a message of 20 lines which said:
>
> > You can use ipnat on an individual host as well (implementing "PAT",
> > or Port Address Translation, rather than NAT).
>
> As a way of obfuscating the source port number, it seems a very
> baroque technique.

It doesn't strike me as tremendously elegant, but neither does this
botch of a standards document.

> Certainly, choosing the source port number should be done by
> the kernel, not by a third-party.

Where did you get the idea that ipf was not in the kernel?

Thor