nanog mailing list archives
Re: Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure
From: Henning Brauer <hb-nanog () bsws de>
Date: Thu, 13 May 2004 20:40:36 +0200
* Iljitsch van Beijnum <iljitsch () muada com> [2004-05-13 19:52]:
> I don't think you can fully randomize the source port as it might clash with well-known ports.

of course. 1024 - 49151, on OpenBSD.

> Also, it may be somewhat expensive to make ports truly random. (But not as expensive as doing MD5 for the whole session.)

We have randomized src ports in OpenBSD since 1996 - on all platforms, including vax and such. No, it is not expensive.

> But why are you assuming the window size is 64k? This is completely unnecessary, and not done in practice by "real" routers: those typically use a 16k window. It should even be possible to set the window to a very small size, such as 64 bytes. That's enough to receive the initial BGP header, after which the window can be set to a larger size until the session is idle again.

In OpenBSD's bgpd, we only scale the window up if md5sig or ipsec is in use...

--
Henning Brauer, BS Web Services, http://bsws.de
hb () bsws de - henning () openbsd org
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
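
The two measures discussed in this message, a source port drawn at random from 1024 - 49151 and a receive window kept small until the session is up, shown as an added example that is not part of the original post and not code from OpenBSD or bgpd. The function names, the loopback bind address and the 2048-byte buffer size are assumptions of this example.

```python
import errno
import secrets
import socket

PORT_LO, PORT_HI = 1024, 49151   # range quoted in the message for OpenBSD
SMALL_RCVBUF = 2048              # assumption: illustrative; kernels clamp to their own minimum


def random_source_port() -> int:
    """Uniform draw from [PORT_LO, PORT_HI] using the OS CSPRNG."""
    return PORT_LO + secrets.randbelow(PORT_HI - PORT_LO + 1)


def open_randomized_socket(local_addr="127.0.0.1", max_tries=64):
    """Return (sock, port): a TCP socket bound to a random source port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Shrink the buffer before connect() so the first advertised window is small.
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, SMALL_RCVBUF)
    for _ in range(max_tries):
        port = random_source_port()
        try:
            sock.bind((local_addr, port))
            return sock, port
        except OSError as exc:
            # A port already in use just means: draw again.
            if exc.errno != errno.EADDRINUSE:
                sock.close()
                raise
    sock.close()
    raise RuntimeError("no free source port after %d tries" % max_tries)


def receive_buffer(sock) -> int:
    """Effective receive buffer size as reported by the kernel."""
    return sock.getsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF)


def widen_receive_buffer(sock, size=65536) -> int:
    """Enlarge the buffer once the session is up; returns the effective size."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, size)
    return receive_buffer(sock)


if __name__ == "__main__":
    s, p = open_randomized_socket()
    print("source port", p, "rcvbuf", receive_buffer(s))
    print("after widening:", widen_receive_buffer(s))
    s.close()
```

The kernel may round or double the requested buffer size, so compare the values reported by `receive_buffer` rather than the requested ones.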