
Re: randomize source port

Subject: Re: randomize source port
From: Joerg Sonnenberger <joerg@xxxxxxxxxxxxxxxxx>
Date: Fri, 11 Jul 2008 17:15:43 UTC
Newsgroups: fa.netbsd.tech.net

On Fri, Jul 11, 2008 at 12:46:24PM -0400, Steven M. Bellovin wrote:
> On Fri, 11 Jul 2008 18:22:45 +0200
> Joerg Sonnenberger <joerg@xxxxxxxxxxxxxxxxx> wrote:
> 
> > On Fri, Jul 11, 2008 at 11:00:21AM -0500, Jeremy C. Reed wrote:
> > > As a quick test, I did the following:
> > 
> > I'm not sure if directly randomising the port is a good idea.
> > I think it should at least be a random shuffle for the same reason
> > that the TCP sequence numbers are not using a direct PRNG.
> 
> I don't see the similarity.  For sequence numbers, there's a
> requirement in the RFC for a 4 microsecond counter; there's also
> analysis concerning defense against old packets lying around the
> network.

Reusing the port number early increases both the chance of a collision
with an existing port and the chance that you can still hit the query id
case (for the special case of DNS).

Joerg
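The difference Joerg is drawing between "directly randomising the port" and a "random shuffle" can be made concrete with a small simulation. The code below is an added example, not part of this thread and not NetBSD's implementation: it picks ephemeral ports two ways (a fresh PRNG draw each time, versus walking a random permutation of the whole range) and measures how soon a port gets reused. The port range and the xorshift PRNG are constructed for the demonstration; a kernel would use its cryptographic RNG and skip ports that are still bound.

```c
#include <stdint.h>
#include <stdio.h>

/* Ephemeral range for the simulation (constructed values, not NetBSD's
 * actual defaults). */
#define PORT_LO 49152
#define PORT_HI 65535
#define RANGE   (PORT_HI - PORT_LO + 1)

/* Deterministic xorshift32 so runs are reproducible; a real allocator
 * would draw from the kernel's cryptographic RNG instead. */
static uint32_t rng_state = 2463534242u;
static uint32_t rnd(void) {
    uint32_t x = rng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return rng_state = x;
}

/* Strategy 1: draw a port directly from the PRNG on every allocation.
 * Nothing stops a port just used from coming up again immediately. */
static uint16_t pick_direct(void) {
    return (uint16_t)(PORT_LO + rnd() % RANGE);
}

/* Strategy 2: random shuffle. A Fisher-Yates permutation of the whole
 * range is walked front to back, then reshuffled. Still unpredictable,
 * but no port repeats until every port in the range has been used once. */
static uint16_t perm[RANGE];
static int perm_pos = RANGE;          /* RANGE forces a shuffle on first use */

static void shuffle_reset(void) { perm_pos = RANGE; }

static void reshuffle(void) {
    for (int i = 0; i < RANGE; i++) perm[i] = (uint16_t)(PORT_LO + i);
    for (int i = RANGE - 1; i > 0; i--) {
        int j = (int)(rnd() % (uint32_t)(i + 1));
        uint16_t t = perm[i]; perm[i] = perm[j]; perm[j] = t;
    }
    perm_pos = 0;
}

static uint16_t pick_shuffle(void) {
    if (perm_pos >= RANGE) reshuffle();
    return perm[perm_pos++];
}

/* Shortest gap (in allocations) between two uses of the same port over
 * n allocations; 0 means no port was reused at all. */
static int min_reuse_distance(uint16_t (*pick)(void), int n) {
    static int last[65536];
    for (int i = 0; i < 65536; i++) last[i] = -1;
    int best = 0;
    for (int i = 0; i < n; i++) {
        uint16_t p = pick();
        if (last[p] >= 0) {
            int d = i - last[p];
            if (best == 0 || d < best) best = d;
        }
        last[p] = i;
    }
    return best;
}

/* 1 if every one of n picks falls inside [PORT_LO, PORT_HI], else 0. */
static int all_in_range(uint16_t (*pick)(void), int n) {
    for (int i = 0; i < n; i++) {
        uint16_t p = pick();
        if (p < PORT_LO || p > PORT_HI) return 0;
    }
    return 1;
}

int main(void) {
    printf("direct  : min reuse distance over %d picks = %d\n",
           4096, min_reuse_distance(pick_direct, 4096));
    shuffle_reset();
    printf("shuffle : min reuse distance over %d picks = %d (0 = none)\n",
           RANGE, min_reuse_distance(pick_shuffle, RANGE));
    return 0;
}
```

With the direct draw, the birthday bound says a repeat is expected after only a few hundred allocations out of a 16384-port range, so a port can come back while an earlier query on it is still outstanding, which is exactly the DNS query-id window Joerg mentions. The shuffle guarantees RANGE distinct ports per cycle; the one weak spot is the cycle boundary, where the last port of one permutation may be the first of the next, so a production allocator would also reject ports that are still bound or were released very recently.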
