nanog mailing list archives
Re: TCP RST attack (the cause of all that MD5-o-rama)
From: "E.B. Dreger" <eddy+public+spam () noc everquick net>
Date: Wed, 21 Apr 2004 04:56:18 +0000 (GMT)
PWG> Date: Tue, 20 Apr 2004 19:24:37 -0400
PWG> From: Patrick W. Gilmore

PWG> Speaking of good randomization, does anyone have a good
PWG> algorithm to randomize ephemeral ports? Obviously "pick
PWG> random number, see if port is open, if it is, repeat" is not
PWG> a good idea, especially on a busy host with lots of
PWG> connections. I was thinking something like "pick 65K
PWG> random numbers on boot, store in file/array, cycle through".

I don't think we're even that far along. If I'm reading FreeBSD
4.9 and NetBSD 1.6.2 source correctly,
/usr/src/sys/netinet/in_pcb.c tells all.

PWG> Does anyone know if / how modern OSes randomize ephemeral
PWG> ports?

AFAIK, sequential search is about it. Try a port number, verify
that the src/dst ip+port combination is available, then go on to
the next lport if the guessed one is in use.

Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
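One way to get an unpredictable local port without the open-ended "guess again" loop raised in this message, as an added example that is not from the original post or from the FreeBSD/NetBSD source: draw a single random starting port, then run the sequential search from there with wraparound. The port range, the `in_use` table standing in for the PCB lookup, and the function name are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed ephemeral range (the IANA dynamic range); real stacks make it tunable. */
#define PORT_MIN   49152u
#define PORT_MAX   65535u
#define PORT_COUNT (PORT_MAX - PORT_MIN + 1u)

/* Hypothetical stand-in for the kernel's PCB lookup: one byte per local port,
 * non-zero when the src/dst ip+port combination using that lport is taken. */
static unsigned char in_use[65536];

/* Random starting offset, then a sequential scan with wraparound.
 * `rnd` must come from a CSPRNG so an off-path sender cannot predict the port.
 * Cost is one random draw plus at most PORT_COUNT probes, so a busy host
 * never spins on repeated random guesses.
 * Returns the claimed port, or 0 when the whole range is in use. */
static uint16_t pick_ephemeral_port(uint32_t rnd)
{
    uint32_t offset = rnd % PORT_COUNT;

    for (uint32_t i = 0; i < PORT_COUNT; i++) {
        uint32_t port = PORT_MIN + (offset + i) % PORT_COUNT;
        if (!in_use[port]) {
            in_use[port] = 1;          /* claim it for the new connection */
            return (uint16_t)port;
        }
    }
    return 0;                          /* range exhausted */
}

int main(void)
{
    uint32_t rnd;
    FILE *f = fopen("/dev/urandom", "rb");

    if (!f || fread(&rnd, sizeof rnd, 1, f) != 1)
        return 1;
    fclose(f);
    printf("selected port %u\n", (unsigned)pick_ephemeral_port(rnd));
    return 0;
}
```

Because the scan is sequential after the random start, the port just past a long run of busy ports is chosen more often than others; a fresh random draw per connection keeps the starting point itself unpredictable.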