[69859] in North American Network Operators' Group
Re: TCP RST attack (the cause of all that MD5-o-rama)
daemon@ATHENA.MIT.EDU (E.B. Dreger)
Wed Apr 21 00:57:12 2004
Date: Wed, 21 Apr 2004 04:56:18 +0000 (GMT)
From: "E.B. Dreger" <eddy+public+spam@noc.everquick.net>
To: "Patrick W.Gilmore" <patrick@ianai.net>
Cc: nanog@merit.edu
In-Reply-To: <E427C809-9321-11D8-B101-000A9578BB58@ianai.net>
Errors-To: owner-nanog-outgoing@merit.edu
PWG> Date: Tue, 20 Apr 2004 19:24:37 -0400
PWG> From: Patrick W. Gilmore
PWG> Speaking of good randomization, does anyone have a good
PWG> algorithm to randomize ephemeral ports? Obviously "pick
PWG> random number, see if port is open, if it is, repeat" is not
PWG> a good idea, especially on a busy host with lots of
PWG> connections. I was thinking something like "pick 65K
PWG> random numbers on boot, store in file/array, cycle through".
I don't think we're even that far along. If I'm reading FreeBSD
4.9 and NetBSD 1.6.2 source correctly,
/usr/src/sys/netinet/in_pcb.c
tells all.
PWG> Does anyone know if / how modern OSes randomize ephemeral
PWG> ports?
AFAIK, sequential search is about it. Try a port number, verify
that the src/dst ip+port combination is available, then go on to
the next lport if the guessed one is in use.
Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
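The two allocation strategies discussed in the thread side by side, as an added example that is not part of the original post and not the BSD code in in_pcb.c: Patrick's "shuffle the whole range once, then cycle through it" allocator, and the sequential "try the next lport" search Eddy describes. The ephemeral range (49152..65535), the xorshift PRNG, the bitmap standing in for the PCB table and the function names are all assumptions of the demo; a real kernel would seed the shuffle from its CSPRNG and consult the real src/dst ip+port lookup.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Range is an assumption for the demo (IANA dynamic range); the BSD
   code uses its own sysctl-tunable bounds. */
#define PORT_LO 49152
#define PORT_HI 65535
#define PORT_COUNT (PORT_HI - PORT_LO + 1)

/* Callback asking "is this lport already bound for the src/dst ip+port
   tuple?"; ctx is whatever connection table the caller keeps. */
typedef bool (*in_use_fn)(uint16_t lport, void *ctx);

/* Randomized allocator: one shuffled permutation of the range, consumed
   cyclically. Every port is offered exactly once per cycle, so a busy
   host never spins on collisions the way "pick random, retry" can. */
typedef struct {
    uint16_t perm[PORT_COUNT];
    size_t cursor;
    uint64_t rng;
} port_allocator;

/* xorshift64 stands in for the kernel CSPRNG so the demo is repeatable;
   production code must seed the shuffle from a cryptographic source. */
static uint64_t xorshift64(uint64_t *s) {
    uint64_t x = *s;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return *s = x;
}

void allocator_init(port_allocator *a, uint64_t seed) {
    for (size_t i = 0; i < PORT_COUNT; i++)
        a->perm[i] = (uint16_t)(PORT_LO + i);
    a->rng = seed ? seed : 0x9E3779B97F4A7C15ULL;
    for (size_t i = PORT_COUNT - 1; i > 0; i--) {        /* Fisher-Yates shuffle */
        size_t j = (size_t)(xorshift64(&a->rng) % (i + 1));
        uint16_t t = a->perm[i]; a->perm[i] = a->perm[j]; a->perm[j] = t;
    }
    a->cursor = 0;
}

/* Next free port from the permutation; 0 when every port is in use. */
uint16_t allocator_next(port_allocator *a, in_use_fn in_use, void *ctx) {
    for (size_t tries = 0; tries < PORT_COUNT; tries++) {
        uint16_t p = a->perm[a->cursor];
        a->cursor = (a->cursor + 1) % PORT_COUNT;
        if (!in_use(p, ctx)) return p;
    }
    return 0;
}

/* The sequential search from the reply: try last+1, wrap at the top. */
uint16_t sequential_next(uint16_t *last, in_use_fn in_use, void *ctx) {
    for (size_t tries = 0; tries < PORT_COUNT; tries++) {
        uint16_t p = (*last < PORT_LO || *last >= PORT_HI) ? PORT_LO : (uint16_t)(*last + 1);
        *last = p;
        if (!in_use(p, ctx)) return p;
    }
    return 0;
}

/* Constructed stand-in for the PCB table: one bit per port number. */
typedef struct { uint8_t bits[65536 / 8]; } port_set;
static bool port_set_has(const port_set *s, uint16_t p) { return (s->bits[p >> 3] >> (p & 7)) & 1u; }
static void port_set_add(port_set *s, uint16_t p) { s->bits[p >> 3] |= (uint8_t)(1u << (p & 7)); }
static bool set_in_use(uint16_t p, void *ctx) { return port_set_has((const port_set *)ctx, p); }

/* 1 if every port in the range appears exactly once in the permutation. */
int allocator_is_permutation(const port_allocator *a) {
    static port_set seen;                    /* static: keeps 8 KB off the stack */
    memset(&seen, 0, sizeof seen);
    for (size_t i = 0; i < PORT_COUNT; i++) {
        uint16_t p = a->perm[i];
        if (p < PORT_LO || p > PORT_HI || port_set_has(&seen, p)) return 0;
        port_set_add(&seen, p);
    }
    return 1;
}

/* 1 if the randomized allocator yields a full permutation and, when its
   first choice is already bound, moves on to the next entry of its cycle. */
int demo_randomized(uint64_t seed) {
    static port_allocator a;
    static port_set busy;
    memset(&busy, 0, sizeof busy);
    allocator_init(&a, seed);
    if (!allocator_is_permutation(&a)) return 0;
    port_set_add(&busy, a.perm[0]);          /* pretend the first choice is taken */
    uint16_t got = allocator_next(&a, set_in_use, &busy);
    return got == a.perm[1] && !port_set_has(&busy, got);
}

/* Second port the sequential search hands out from an empty table: always
   PORT_LO + 2, which is the predictability a blind attacker relies on. */
uint16_t demo_sequential(void) {
    static port_set busy;
    memset(&busy, 0, sizeof busy);
    uint16_t last = PORT_LO;
    port_set_add(&busy, sequential_next(&last, set_in_use, &busy));
    return sequential_next(&last, set_in_use, &busy);
}

int main(void) {
    printf("randomized allocator ok: %d\n", demo_randomized(2004));
    printf("sequential second port: %u\n", demo_sequential());
    return 0;
}
```

The permutation costs one shuffle of 16K entries per reseed and a 32 KB table, which is the trade Patrick's "store in file/array" idea implies; a kernel that cannot afford the table can instead randomize the starting point of the sequential search per connection, which narrows but does not close the guessing window, so the shuffled cycle is the stronger mitigation against blind RST injection.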