Nmap Development mailing list archives

Randomness in the source port number generation.


From: Goldstein101 <goldstein101 () gmail com>
Date: Thu, 27 Mar 2008 10:00:52 +0100

Hi!

I sent this email to the linux kernel-dev list but I got no response.
I guess that wasn't the right place to ask. I know this may not be the
best place either but I've seen that many people on this list are
familiar with Linux TCP/IP stack so here I go:

My name is Xenia Medeiros and I am doing a bit of research on covert
channels. The thing is that I need to know if kernel's "source port"
generation for TCP and UDP packets is random, totally predictable or
somewhere in the middle. It could be possible to embed n bits of data
in that field if the kernel produced n totally random bits in the
source port number, so even if there was some structure in them (like
ports being > 1024), it would be possible to use it as a covert
channel. I am asking here because I've tried to find papers on covert
channels but none seems to cover the use of source ports.

Could someone please tell me what is kernel's behaviour on this or
indicate which particular piece of code handles the process? If you
know other system's stack behaviour, I'd really appreciate the
information.

Thanks very much for your help.

Regards.

Xenia.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
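
Added example, not part of the original post: one way to measure, from a list of observed source ports, whether a host's allocator behaves like a counter or like a random draw, which is the question the message asks. The port range, thresholds, function names and sample data are assumptions made for this illustration.

```python
import math
import random
from collections import Counter

# Assumed ephemeral range; read the real one from
# /proc/sys/net/ipv4/ip_local_port_range on the host being measured.
PORT_LO, PORT_HI = 32768, 61000

def deltas(ports, lo=PORT_LO, hi=PORT_HI):
    """Step between consecutive source ports, wrapped to the ephemeral range."""
    span = hi - lo
    return [(b - a) % span for a, b in zip(ports, ports[1:])]

def delta_entropy(ports):
    """Shannon entropy (bits) of the step distribution; capped by sample size."""
    d = deltas(ports)
    counts = Counter(d)
    return -sum(c / len(d) * math.log2(c / len(d)) for c in counts.values())

def sequential_fraction(ports, max_step=8):
    """Share of steps that are small and positive (counter-style allocation)."""
    d = deltas(ports)
    return sum(1 for s in d if 1 <= s <= max_step) / len(d)

def classify(ports):
    """Hypothetical thresholds: tune them against a baseline for real hosts."""
    frac = sequential_fraction(ports)
    if frac > 0.9 or delta_entropy(ports) < 1.0:
        return "predictable"  # counter or fixed stride
    if frac < 0.1:
        return "randomized"
    return "mixed"

def constructed_samples(n=500, seed=1):
    """Constructed inputs, not captured traffic: a counter and a uniform draw."""
    rng = random.Random(seed)
    counter = [PORT_LO + i for i in range(n)]
    uniform = [rng.randrange(PORT_LO, PORT_HI) for _ in range(n)]
    return counter, uniform

if __name__ == "__main__":
    for name, ports in zip(("counter", "uniform"), constructed_samples()):
        print(name, classify(ports), round(delta_entropy(ports), 2))
```

The entropy figure is an estimate bounded by log2 of the number of steps observed, so it understates a truly random allocator on short captures.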

