On 16.05.2022 10:20, Elias Carter wrote:
> One possible advantage of randomizing source ports is that it helps
> prevent fingerprinting of the devices behind the NAT? Are there any
> other reasons?
Back in the day, outgoing (TCP) connections had predictable port numbers,
sequence numbers, time-based stamps of various kinds and so on. This changed
to something like "let's randomize all the things", and this was not only
against fingerprinting but against actual hijack/connection-killing attacks.

So I cannot tell (recall), but randomizing in nat-to will bring those attacks
down even for "naive" stacks sending from behind the pf gateway.

I cannot recall many applications from 20 years ago that were very keen on
sending from particular ports (besides IKE, already mentioned by JJ). This
"pattern" came in later with "let's UDP all the things" ;-)
HTH,
--
pb
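As an added illustration of the point made in the reply above (this is example code written for this page, not code from the thread, from pb, or from pf itself), the Python model below puts a host stack that hands out ephemeral ports in ascending order behind a gateway that either preserves the source port (the behaviour pf's static-port option gives you) or rewrites it to a random unused port (pf's default for nat-to). An off-path attacker learns one translated port through a server it controls and then makes a single guess at the external port of the victim's next connection, which is what an injection or RST attack would need alongside a sequence number. The addresses are constructed RFC 5737 documentation addresses, the 50001-65535 translation range is an assumption (check pf.conf(5) on your release), and the "previous port plus one" predictor and the guess-space estimate are simplifications of the model, not measurements of any real stack.

```python
import random

# Constructed sample addresses (RFC 5737 documentation ranges), not from the thread.
HOST_IP = "192.0.2.10"          # "naive" host behind the pf gateway
ATTACKER_SRV = "198.51.100.5"   # server the attacker controls; it sees the translated port
TARGET_SRV = "203.0.113.20"     # server the victim talks to; attacker wants to kill that session

EPHEMERAL_START = 1024
# Assumed translation range for pf's default nat-to port rewriting; check pf.conf(5).
NAT_PORT_LOW, NAT_PORT_HIGH = 50001, 65535


class NaiveStack:
    """Host stack of the kind the reply describes: source ports handed out in ascending order."""

    def __init__(self, start=EPHEMERAL_START):
        self.next_port = start

    def connect(self, dst_ip, dst_port):
        sport = self.next_port
        self.next_port += 1
        return sport, dst_ip, dst_port


class NatGateway:
    """Stateful NAT. static_port=True keeps the internal source port (as pf's
    'static-port' option does); False rewrites it to a random unused port (pf's default)."""

    def __init__(self, static_port, seed=None):
        self.static_port = static_port
        self.rng = random.Random(seed)
        self.states = {}   # (int_ip, int_port, dst_ip, dst_port) -> external port
        self.in_use = set()

    def translate(self, int_ip, int_port, dst_ip, dst_port):
        key = (int_ip, int_port, dst_ip, dst_port)
        if key in self.states:              # existing state: same mapping for every packet
            return self.states[key]
        if self.static_port:
            ext_port = int_port
        else:
            ext_port = self.rng.randint(NAT_PORT_LOW, NAT_PORT_HIGH)
            while ext_port in self.in_use:  # collision with a live state: pick again
                ext_port = self.rng.randint(NAT_PORT_LOW, NAT_PORT_HIGH)
        self.states[key] = ext_port
        self.in_use.add(ext_port)
        return ext_port


def predict_next_port(last_seen_port):
    """Off-path attacker's guess: a sequential allocator hands out last+1 next (model assumption)."""
    return last_seen_port + 1


def simulate(static_port, rounds=200, seed=1):
    """Run `rounds` pairs of connections (one to the attacker's server, then one to
    the target) and count how often the attacker's single guess matches the external
    port of the target connection. Returns the hit count."""
    host = NaiveStack()
    nat = NatGateway(static_port, seed)
    hits = 0
    for _ in range(rounds):
        sport, dip, dport = host.connect(ATTACKER_SRV, 80)
        seen = nat.translate(HOST_IP, sport, dip, dport)    # this port leaks to the attacker
        sport, dip, dport = host.connect(TARGET_SRV, 443)
        actual = nat.translate(HOST_IP, sport, dip, dport)  # this is what the attacker must hit
        if predict_next_port(seen) == actual:
            hits += 1
    return hits


def offpath_guess_space(port_candidates, seq_window=65536):
    """Rough size of the (port, sequence number) space an off-path RST/injection
    attacker has to cover: each candidate port times the number of 32-bit sequence
    numbers needed to land inside a receive window of `seq_window` bytes."""
    return port_candidates * (2**32 // seq_window)


if __name__ == "__main__":
    print("static-port hits out of 200:", simulate(static_port=True))
    print("randomized hits out of 200 :", simulate(static_port=False))
    print("guess space, port known     :", offpath_guess_space(1))
    print("guess space, port randomized:", offpath_guess_space(NAT_PORT_HIGH - NAT_PORT_LOW + 1))
```

With static-port the attacker's guess lands every time, because the gateway passes the host's sequential port through unchanged; with the default rewriting the guess almost never lands, and the port becomes one more factor the attacker has to multiply into the sequence-number search, which is the protection for "naive" stacks the reply refers to. The trade-off the reply also mentions is visible in the model: anything that genuinely needs a fixed source port (IKE is the example given in the thread) has to be excluded from the randomized rule.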