At 03:37 a.m. 04/03/2008, Mike Silbersack wrote:
While I haven't looked much at the scheme proposed by Amit, I think
there's a "flaw" with the algorithm: IP IDs need to be unique for
{source IP, des IP, Protocol}. And the algorithm still keeps a
*global* IP ID. That means you'll cycle through t
On Mon, 3 Mar 2008, Fernando Gont wrote:
(Shame on me... somehow your mail got stuck in my queue, and I didn't respond
to it).
No sweat, I've taken far longer to reply to your e-mails!
While I haven't looked much at the scheme proposed by Amit, I think there's a
"flaw" with the algorithm: IP
At 04:43 a.m. 03/03/2008, Mike Silbersack wrote:
Earlier in the week, I had commented (via private e-mail?) that I
thought that Amit Klein's algorithm which I recently implemented in
ip_id.c might be adapted to serve as an ephemeral port
allocator. Now that I've thought more about it, I'm not
On Sat, 1 Mar 2008, Fernando Gont wrote:
I will also start working on the double-hash ephemeral port selection
algorithm described in the draft (this is, IMHO, the right approach to
ephemeral port randomization)
Kind regards,
--
Fernando Gont
Earlier in the week, I had commented (via priv
At 09:49 p.m. 02/03/2008, you wrote:
+1 on increasing the threshold, 1024 is way too low.
With the current patch, I agree. I'm planning to implement the scheme
described in the port randomization internet-draft I referenced, and
implement the array-of-bits thing. That way you can exclude whic
+1 on increasing the threshold, 1024 is way too low.
Also consider the folk who depend on the existing behaviour: a
predictable ephemeral port range is useful, if for some reason you need
to apply a NAT policy to that traffic, with no other knowledge about how
the applications you must NAT act
Mike Silbersack wrote:
On Sat, 1 Mar 2008, Fernando Gont wrote:
Folks,
This patch changes the default ephemeral port range from 49152-65535
to 1024-65535. This makes it harder for an attacker to guess the
ephemeral ports (as the port number space is larger). Also, it makes
the chances of
On Sat, 1 Mar 2008, Mike Silbersack wrote:
On Sat, 1 Mar 2008, Fernando Gont wrote:
This patch changes the default ephemeral port range from 49152-65535 to
1024-65535. This makes it harder for an attacker to guess the ephemeral
ports (as the port number space is larger). Also, it makes the ch
At 08:42 p.m. 01/03/2008, Kevin Oberman wrote:
> This patch changes the default ephemeral port range from 49152-65535
> to 1024-65535. This makes it harder for an attacker to guess the
> ephemeral ports (as the port number space is larger). Also, it makes
> the chances of port number collisions
> Date: Sat, 01 Mar 2008 11:34:27 -0200
> From: Fernando Gont <[EMAIL PROTECTED]>
> Sender: [EMAIL PROTECTED]
>
> Folks,
>
> This patch changes the default ephemeral port range from 49152-65535
> to 1024-65535. This makes it harder for an attacker to guess the
> ephemeral ports (as the port num
On Sat, 1 Mar 2008, Fernando Gont wrote:
Folks,
This patch changes the default ephemeral port range from 49152-65535 to
1024-65535. This makes it harder for an attacker to guess the ephemeral ports
(as the port number space is larger). Also, it makes the chances of port
number collisions s
Folks,
This patch changes the default ephemeral port range from 49152-65535
to 1024-65535. This makes it harder for an attacker to guess the
ephemeral ports (as the port number space is larger). Also, it makes
the chances of port number collisions smaller.
(http://www.ietf.org/internet-drafts
12 matches