linux-netdev mailing list archive, 18 October 2007
Re: TCP port randomization
From: Krzysztof Oledzki
Subject: Re: TCP port randomization
Date: Thursday, October 18, 2007 - 3:29 am
On Wed, 17 Oct 2007, Stephen Hemminger wrote:
> On Thu, 18 Oct 2007 00:31:13 +0200 (CEST)
> Krzysztof Oledzki <olel@ans.pl> wrote:
>
>> On Wed, 17 Oct 2007, Stephen Hemminger wrote:
>>
>>> On Wed, 17 Oct 2007 23:15:48 +0200 (CEST)
>>> Krzysztof Oledzki <olel@ans.pl> wrote:
>>>
>>>> Hello,
>>>>
>>>> Is it normal that TCP port randomization (tested with 2.6.22) works only
>>>> when explicitly binding to an IP address:
>>>>
>>>> --- cut here ---
>>>> root@fw1:~# nc 192.168.129.28 11
>>>> (UNKNOWN) [192.168.129.28] 11 (systat) : Connection refused
>>>> root@fw1:~# nc 192.168.129.28 11
>>>> (UNKNOWN) [192.168.129.28] 11 (systat) : Connection refused
>>>> root@fw1:~# nc 192.168.129.28 11
>>>> (UNKNOWN) [192.168.129.28] 11 (systat) : Connection refused
>>>>
>>>> 23:11:11.896126 IP 192.168.129.2.37839 > 192.168.129.28.11: S
>>>> 23:11:12.146573 IP 192.168.129.2.37840 > 192.168.129.28.11: S
>>>> 23:11:12.396488 IP 192.168.129.2.37841 > 192.168.129.28.11: S
>>>> --- cut here ---
>>>>
>>>> --- cut here ---
>>>> root@fw1:~# nc -s 192.168.129.2 192.168.129.28 11
>>>> (UNKNOWN) [192.168.129.28] 11 (systat) : Connection refused
>>>> root@fw1:~# nc -s 192.168.129.2 192.168.129.28 11
>>>> (UNKNOWN) [192.168.129.28] 11 (systat) : Connection refused
>>>> root@fw1:~# nc -s 192.168.129.2 192.168.129.28 11
>>>> (UNKNOWN) [192.168.129.28] 11 (systat) : Connection refused
>>>>
>>>> 23:11:31.704391 IP 192.168.129.2.57204 > 192.168.129.28.11: S
>>>> 23:11:34.400048 IP 192.168.129.2.14512 > 192.168.129.28.11: S
>>>> 23:11:34.606707 IP 192.168.129.2.20117 > 192.168.129.28.11: S
>>>> --- cut here ---
>>>>
>>>> Best regards,
>>>>
>>>> 				Krzysztof Olędzki
>>>
>>> It is an expected side effect.
>>
>> So it is not possible to use randomization without binding to a specific
>> srcip?
>>
>>> The starting point for the search
>>> is based on hash(srcaddr, dstaddr, dstport, secret).
>>> You are using same source, dest and port so yes it will stay
>>> the same until rekeying occurs.
>>> The secret only changes every 5min same as TCP initial sequence number.
>>
>> If I get it right, even with explicitly selected constant srcaddr port
>> numbers should simply increase? This is not what I observed.
>>
> When you set srcaddr, it calls bind, and bind does randomization always
> independent of address.
>
> This existing behavior may seem odd, but it shouldn't present a security
> problem.
Right. Thank you very much for the explanation.

Best regards,

				Krzysztof Olędzki
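The two allocation paths Stephen describes, as an added illustration written for this archive page (not kernel code): an unbound connect() starts its search at a keyed hash of (srcaddr, dstaddr, dstport) and takes the first free port walking upward, so repeated connects to one destination under one secret come out consecutive, exactly like the 37839/37840/37841 trace above, while a bind() with port 0 picks a fresh random port every time. The ephemeral range and the use of HMAC-SHA256 as the hash are assumptions of the model.

```python
import hashlib
import hmac
import secrets

PORT_LOW, PORT_HIGH = 32768, 61000          # assumed ephemeral port range
PORT_RANGE = PORT_HIGH - PORT_LOW + 1


def port_offset(saddr, daddr, dport, secret):
    """Model of hash(srcaddr, dstaddr, dstport, secret): the search start.
    HMAC-SHA256 is a stand-in for the kernel's keyed hash."""
    msg = f"{saddr}|{daddr}|{dport}".encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")


def connect_port(saddr, daddr, dport, secret, in_use):
    """Unbound connect(): walk upward from the hashed offset, wrapping inside
    the range, and take the first port not already in use."""
    offset = port_offset(saddr, daddr, dport, secret)
    for i in range(PORT_RANGE):
        port = PORT_LOW + (offset + i) % PORT_RANGE
        if port not in in_use:
            in_use.add(port)
            return port
    raise OSError("no free local port")


def bind_port(in_use, rng=secrets.SystemRandom()):
    """bind() with port 0: a fresh random pick each time, independent of the
    address the socket is bound to (the nc -s case in the thread)."""
    while True:
        port = rng.randrange(PORT_LOW, PORT_HIGH + 1)
        if port not in in_use:
            in_use.add(port)
            return port


def consecutive_connects(n, secret, in_use=None):
    """n unbound connects to the same destination under one secret (the
    addresses are the ones from the trace in the thread)."""
    in_use = set() if in_use is None else in_use
    return [connect_port("192.168.129.2", "192.168.129.28", 11, secret, in_use)
            for _ in range(n)]


if __name__ == "__main__":
    print("connect():", consecutive_connects(3, b"secret-1"))   # consecutive
    print("connect(), rekeyed:", consecutive_connects(3, b"secret-2"))
    print("bind():", [bind_port(set()) for _ in range(3)])     # random
```

Rekeying the secret moves the starting point; until then the only thing that changes between two connects to the same destination is the ports already taken.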
Messages in current thread:
- TCP port randomization, Krzysztof Oledzki (Wed Oct 17, 2:15 pm)
- Re: TCP port randomization, Stephen Hemminger (Wed Oct 17, 3:08 pm)
- Re: TCP port randomization, Krzysztof Oledzki (Wed Oct 17, 3:31 pm)
- Re: TCP port randomization, Stephen Hemminger (Wed Oct 17, 3:34 pm)
- Re: TCP port randomization, Krzysztof Oledzki (Thu Oct 18, 3:29 am)