Nmap Development mailing list archives
Randomness in the source port number generation.
From: Goldstein101 <goldstein101 () gmail com>
Date: Thu, 27 Mar 2008 10:00:52 +0100
Hi!

I sent this email to the linux kernel-dev list but I got no response. I guess that wasn't the right place to ask. I know this may not be the best place either, but I've seen that many people on this list are familiar with the Linux TCP/IP stack, so here I go:

My name is Xenia Medeiros and I am doing a bit of research on covert channels. The thing is that I need to know if the kernel's "source port" generation for TCP and UDP packets is random, totally predictable or somewhere in the middle. It could be possible to embed n bits of data in that field if the kernel produced n totally random bits in the source port number, so even if there was some structure in them (like ports being > 1024), it would be possible to use it as a covert channel.

I am asking here because I've tried to find papers on covert channels but none seems to cover the use of source ports. Could someone please tell me what the kernel's behaviour is on this or indicate which particular piece of code handles the process? If you know other systems' stack behaviour, I'd really appreciate the information.

Thanks very much for your help.

Regards.
Xenia.
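One way to check the question empirically on a given host, as an added example that is not part of the original post: the code below asks the local kernel for ephemeral UDP source ports and summarises how predictable the observed sequence is. The function names, the destination 127.0.0.1:9 and the two comparison samples are constructed for illustration.

```python
import random
import socket
from collections import Counter
from math import log2


def sample_udp_source_ports(n, dest=("127.0.0.1", 9)):
    """Ask the local kernel for n ephemeral UDP source ports.

    connect() on a UDP socket sends nothing; it only makes the kernel pick
    a local port, which getsockname() then reports.
    """
    ports = []
    for _ in range(n):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.connect(dest)
            ports.append(s.getsockname()[1])
    return ports


def port_stats(ports):
    """Summarise how predictable an ordered list of observed ports is."""
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    top_delta, top_count = Counter(deltas).most_common(1)[0]
    counts = Counter(ports)
    n = len(ports)
    entropy = -sum(c / n * log2(c / n) for c in counts.values())
    return {
        "min": min(ports), "max": max(ports),
        "distinct": len(counts),
        "top_delta": top_delta,                      # most common step
        "top_delta_share": top_count / len(deltas),  # 1.0 = fixed stride
        "entropy_bits": entropy,  # empirical; capped at log2(len(ports))
    }


# Constructed samples (not measurements): an incrementing allocator and a
# uniform draw from a range chosen for the example.
SEQUENTIAL = [40000 + i for i in range(256)]
_rng = random.Random(1)
SCATTERED = [_rng.randrange(32768, 61000) for _ in range(256)]

if __name__ == "__main__":
    for name, ports in (("sequential", SEQUENTIAL), ("scattered", SCATTERED),
                        ("this host", sample_udp_source_ports(256))):
        print(name, port_stats(ports))
```

A `top_delta_share` near 1.0 means the next port is guessable from the previous one; the entropy figure only says how spread out the sample is, so read the two together.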