On Tue, Jan 22, 2013 at 4:52 PM, Dan Wing <dw...@cisco.com> wrote:
> draft-donley-behave-deterministic-cgn provides that functionality in
> an attempt to help randomize ports (see RFC6056). However, because
> the ports are fixed and there are relatively few ports, an attacker
> can determine the ports by causing the victim to open a bunch
> of TCP connections. This can be done by a bunch of "img src" tags
> in an HTML-encoded email message, among other mechanisms. If the
> hashing causes no logging, it creates a new requirement for a strong
> audit trail of the CGN configuration.
I thought this was desirable behavior for a CGN since effective port
prediction facilitates P2P NAT traversal?

Bear in mind that Windows XP uses a dynamic port range between 1024
and 5000 and allocates them linearly. Small range and trivially
predictable. Were it practical to use this knowledge for much more
than denial of service I tend to think we'd have noticed by now.

Regards,
Bill Herrin

--
William D. Herrin ................ her...@dirtside.com  b...@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
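To make the deterministic mapping under discussion concrete, here is an added Python example (not code from the draft or from either poster) that models fixed per-subscriber port blocks and shows the operator-side consequence Dan raises: tracing an (external IP, port) pair from an abuse report back to a subscriber needs no per-session log, only the configuration that was in force at the time, so the configuration history itself must be retained and auditable. The addresses, pool sizes and block size are constructed assumptions, and the block layout is a simplified model rather than the draft's exact algorithm.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class CgnConfig:
    """Assumed deterministic-CGN parameters (not the draft's exact algorithm)."""
    internal_pool: ipaddress.IPv4Network          # subscriber pool
    external_ips: list                            # external IPv4Address objects
    first_port: int = 1024
    last_port: int = 65535
    ports_per_subscriber: int = 2000              # fixed block size

    @property
    def blocks_per_external_ip(self) -> int:
        return (self.last_port - self.first_port + 1) // self.ports_per_subscriber

def forward_map(cfg: CgnConfig, internal: str):
    """Subscriber -> (external IP, first port, last port); depends only on cfg."""
    idx = int(ipaddress.IPv4Address(internal)) - int(cfg.internal_pool.network_address)
    if not 0 <= idx < cfg.internal_pool.num_addresses:
        raise ValueError(f"{internal} is outside the subscriber pool")
    ext_idx, block = divmod(idx, cfg.blocks_per_external_ip)
    if ext_idx >= len(cfg.external_ips):
        raise ValueError("subscriber pool exceeds external address/port capacity")
    lo = cfg.first_port + block * cfg.ports_per_subscriber
    return str(cfg.external_ips[ext_idx]), lo, lo + cfg.ports_per_subscriber - 1

def reverse_map(cfg: CgnConfig, external: str, port: int):
    """Abuse-report traceback: (external IP, port) -> subscriber, or None.
    No per-session log is consulted, which is why the configuration history
    (which cfg was active when) must itself be retained and auditable."""
    try:
        ext_idx = cfg.external_ips.index(ipaddress.IPv4Address(external))
    except ValueError:
        return None
    if not cfg.first_port <= port <= cfg.last_port:
        return None
    block = (port - cfg.first_port) // cfg.ports_per_subscriber
    if block >= cfg.blocks_per_external_ip:     # leftover ports with no full block
        return None
    idx = ext_idx * cfg.blocks_per_external_ip + block
    if idx >= cfg.internal_pool.num_addresses:
        return None
    return str(cfg.internal_pool.network_address + idx)

# Constructed sample configuration using documentation address ranges.
SAMPLE = CgnConfig(ipaddress.IPv4Network("10.0.0.0/24"),
                   [ipaddress.IPv4Address("203.0.113.1"), ipaddress.IPv4Address("203.0.113.2")])
```

With this sample, two external addresses carry 32 blocks each, so only the first 64 subscribers of the /24 fit; the forward mapping refuses the rest rather than silently overlapping blocks.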