TCP RST attack (the cause of all that MD5-o-rama)

E.B. Dreger eddy+public+spam at noc.everquick.net
Wed Apr 21 04:56:18 UTC 2004


PWG> Date: Tue, 20 Apr 2004 19:24:37 -0400
PWG> From: Patrick W. Gilmore


PWG> Speaking of good randomization, does anyone have a good
PWG> algorithm to randomize ephemeral ports?  Obviously "pick
PWG> random number, see if port is open, if it is, repeat" is not
PWG> a good idea, especially on a busy host with lots of
PWG> connections.  I was thinking something like "pick 65K
PWG> random numbers on boot, store in file/array, cycle through".

I don't think we're even that far along.  If I'm reading FreeBSD
4.9 and NetBSD 1.6.2 source correctly,

	/usr/src/sys/netinet/in_pcb.c

tells all.


PWG> Does anyone know if / how modern OSes randomize ephemeral
PWG> ports?

AFAIK, sequential search is about it.  Try a port number, verify
that the src/dst ip+port combination is available, then go on to
the next lport if the guessed one is in use.


Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
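
Added example, not part of the original message and not taken from any BSD source: C code contrasting the sequential search described in the reply with the "pick random numbers on boot, store in array, cycle through" idea from the quoted question. The port range, the per-port in_use array (standing in for the src/dst ip+port lookup), the demo PRNG and all function names are assumptions for illustration.

```c
#include <stdint.h>
#include <string.h>
#define PORT_LO 49152u            /* assumed ephemeral range, not from the post */
#define PORT_HI 65535u
#define NPORTS  (PORT_HI - PORT_LO + 1u)
static uint8_t  in_use[65536];    /* stand-in for the src/dst ip+port lookup */
static uint16_t perm[NPORTS];     /* shuffled port table built once "on boot" */
static uint32_t perm_pos, seq_next = PORT_LO;
static uint64_t rng_state;
/* Demo PRNG (xorshift64) so the example is reproducible; a real stack
 * must draw from a CSPRNG or the shuffled order is itself guessable. */
static uint32_t demo_rand(void) {
    rng_state ^= rng_state << 13; rng_state ^= rng_state >> 7;
    rng_state ^= rng_state << 17;
    return (uint32_t)(rng_state >> 32);
}

/* Fisher-Yates shuffle of the whole ephemeral range, done once. */
void port_table_init(uint64_t seed) {
    rng_state = seed ? seed : 1;  /* xorshift state must be non-zero */
    memset(in_use, 0, sizeof in_use);
    perm_pos = 0; seq_next = PORT_LO;
    for (uint32_t i = 0; i < NPORTS; i++) perm[i] = (uint16_t)(PORT_LO + i);
    for (uint32_t i = NPORTS - 1; i > 0; i--) {
        uint32_t j = demo_rand() % (i + 1);
        uint16_t t = perm[i]; perm[i] = perm[j]; perm[j] = t;
    }
}

/* Sequential search: try the next port, move on if it is in use. */
int alloc_sequential(void) {
    for (uint32_t tries = 0; tries < NPORTS; tries++) {
        uint32_t p = seq_next;
        seq_next = (seq_next == PORT_HI) ? PORT_LO : seq_next + 1;
        if (!in_use[p]) { in_use[p] = 1; return (int)p; }
    }
    return -1;                    /* range exhausted */
}

/* Cycle through the shuffled table: same bounded scan, no retry-on-random
 * loop, but the next port is no longer "previous port + 1". */
int alloc_shuffled(void) {
    for (uint32_t tries = 0; tries < NPORTS; tries++) {
        uint16_t p = perm[perm_pos];
        perm_pos = (perm_pos + 1) % NPORTS;
        if (!in_use[p]) { in_use[p] = 1; return (int)p; }
    }
    return -1;                    /* range exhausted */
}
void port_release(int p) { in_use[p] = 0; }
```

Both allocators scan at most the whole range once per call, so the shuffled table keeps the cost of the sequential search while removing its predictability.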



