
Re: randomize source port

Subject: Re: randomize source port
From: "Steven M. Bellovin" <smb@xxxxxxxxxxxxxxx>
Date: Fri, 11 Jul 2008 16:46:45 UTC
Newsgroups: fa.netbsd.tech.net

On Fri, 11 Jul 2008 18:22:45 +0200
Joerg Sonnenberger <joerg@xxxxxxxxxxxxxxxxx> wrote:

> On Fri, Jul 11, 2008 at 11:00:21AM -0500, Jeremy C. Reed wrote:
> > As a quick test, I did the following:
> 
> I'm not sure if directly randomising the port is a good idea.
> I think it should at least be a random shuffle for the same reason
> that the TCP sequence numbers are not using a direct PRNG.

I don't see the similarity.  For sequence numbers, there's a
requirement in the RFC for a 4 microsecond counter; there's also
analysis concerning defense against old packets lying around the
network.

The possible issue here is consecutive use of the same port number; I
don't think it's a real concern.

> Note that
> a random shuffle also avoids most of the motivation for moving to a
> sequential numbers, at least if short living connections are
> concerned.
> 
I don't understand.



                --Steve Bellovin, http://www.cs.columbia.edu/~smb
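The two allocation strategies the thread contrasts, direct random selection versus a random shuffle of the ephemeral range, as an added example that is not part of the original thread or of NetBSD's code. A deterministic xorshift PRNG stands in for the kernel's CSPRNG purely so the run is reproducible, and the range is shrunk to eight constructed ports (49152 to 49159) so that the consecutive-reuse behaviour Bellovin mentions becomes visible in a few hundred draws; both are assumptions of this example, not values from the discussion.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy deterministic PRNG (xorshift64*). It stands in for the kernel's CSPRNG
 * so the run is reproducible; it is not suitable for real port selection. */
static uint64_t rng_state = 0x9E3779B97F4A7C15ULL;

static void rng_seed(uint64_t s) { rng_state = s ? s : 1; }

static uint64_t rng_next(void)
{
    uint64_t x = rng_state;
    x ^= x >> 12;
    x ^= x << 25;
    x ^= x >> 27;
    rng_state = x;
    return x * 0x2545F4914F6CDD1DULL;
}

/* Uniform-ish integer in [0, n) from the high bits; bias is irrelevant here. */
static uint32_t rng_below(uint32_t n) { return (uint32_t)((rng_next() >> 32) % n); }

/* Constructed, deliberately tiny ephemeral range so repeats show up quickly. */
#define PORT_LO 49152
#define PORT_HI 49159 /* inclusive */
#define NPORTS  (PORT_HI - PORT_LO + 1)
#define MAXDRAWS 4096

/* Strategy 1: draw each port straight from the PRNG. Draws are independent,
 * so the same port can be handed out twice in a row. */
static uint16_t direct_random_port(void)
{
    return (uint16_t)(PORT_LO + rng_below(NPORTS));
}

/* Strategy 2: random shuffle. Keep a permutation of the range, hand ports out
 * in order, reshuffle when exhausted. Within one pass every port is used once,
 * so consecutive reuse can only occur at a pass boundary. */
struct shuffle_alloc {
    uint16_t perm[NPORTS];
    int next;
};

static void shuffle_reset(struct shuffle_alloc *s)
{
    for (int i = 0; i < NPORTS; i++)
        s->perm[i] = (uint16_t)(PORT_LO + i);
    for (int i = NPORTS - 1; i > 0; i--) {        /* Fisher-Yates */
        int j = (int)rng_below((uint32_t)i + 1);
        uint16_t t = s->perm[i];
        s->perm[i] = s->perm[j];
        s->perm[j] = t;
    }
    s->next = 0;
}

static uint16_t shuffle_port(struct shuffle_alloc *s)
{
    if (s->next >= NPORTS)
        shuffle_reset(s);
    return s->perm[s->next++];
}

/* Number of positions i with ports[i] == ports[i-1]. */
static int count_consecutive_repeats(const uint16_t *ports, int n)
{
    int r = 0;
    for (int i = 1; i < n; i++)
        if (ports[i] == ports[i - 1])
            r++;
    return r;
}

/* Consecutive repeats produced by n direct draws under a given seed. */
static int repeats_direct(int n, uint64_t seed)
{
    static uint16_t ports[MAXDRAWS];
    if (n > MAXDRAWS) n = MAXDRAWS;
    rng_seed(seed);
    for (int i = 0; i < n; i++)
        ports[i] = direct_random_port();
    return count_consecutive_repeats(ports, n);
}

/* Consecutive repeats in one full pass of the shuffle allocator (always 0). */
static int repeats_shuffle_one_pass(uint64_t seed)
{
    uint16_t ports[NPORTS];
    struct shuffle_alloc s;
    rng_seed(seed);
    shuffle_reset(&s);
    for (int i = 0; i < NPORTS; i++)
        ports[i] = shuffle_port(&s);
    return count_consecutive_repeats(ports, NPORTS);
}

/* 1 if one pass hands out every port of the range exactly once. */
static int shuffle_pass_is_permutation(uint64_t seed)
{
    int seen[NPORTS] = {0};
    struct shuffle_alloc s;
    rng_seed(seed);
    shuffle_reset(&s);
    for (int i = 0; i < NPORTS; i++) {
        uint16_t p = shuffle_port(&s);
        if (p < PORT_LO || p > PORT_HI || seen[p - PORT_LO])
            return 0;
        seen[p - PORT_LO] = 1;
    }
    return 1;
}

int main(void)
{
    printf("direct random, 1000 draws from %d ports: %d consecutive repeats\n",
           NPORTS, repeats_direct(1000, 42));
    printf("shuffle, one pass of %d ports: %d consecutive repeats\n",
           NPORTS, repeats_shuffle_one_pass(42));
    return 0;
}
```

The shuffle makes back-to-back reuse impossible inside a pass and keeps the draw order unpredictable to an observer who does not know the permutation; its one remaining repeat case is the last port of one pass coinciding with the first port of the next. Direct selection has no such structure, which is exactly the consecutive-reuse property under debate, and whether that matters in practice is the judgement the two posters disagree on.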
