Random source ports in FreeBSD?
From: Danil V.Gerun (news_at_625.ru)
Date: 09/18/04
- Previous message: David D.W. Downey: "Re: Attacks on ssh port"
- Next in thread: Mike Silbersack: "Re: Random source ports in FreeBSD?"
- Reply: Mike Silbersack: "Re: Random source ports in FreeBSD?"
- Maybe reply: Mike Silbersack: "Re: Random source ports in FreeBSD?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 18 Sep 2004 23:22:48 +0400
To: freebsd-security@freebsd.org
Hello, all!
In the beginning I want to say that this question seems to be a
security one, doesn't it?..
Recently I was googling for the subject and couldn't find anything...
Even in the opennet.ru forum nobody answered me about this.
So, as far as I got to know, randomizing source ports in FreeBSD is
impossible now? (to be exact - is not implemented?)
It's very interesting to me - WHY is it so?
I mean - may be there are good reasons for not making all this?..
Anyway, I looked how it is done in OpenBSD and made a patch for
FreeBSD.
I've uploaded the patches for FreeBSD 4 and FreeBSD 5 here:
http://www.625.ru/rlsp/
Direct links:
http://www.625.ru/rlsp/in_pcb.c.patch.4
http://www.625.ru/rlsp/in_pcb.c.patch.5
It seems to be working on my 4.9 box =) - after recompiling the
kernel the system picks up a random port for making a connection.
Especially - when I increase net.inet.ip.portrange.last, for
example, to value 20000. The ports become 'more random' :)
What the patch does: it creates a sysctl variable
net.inet.ip.random_lport, which is "off" by default.
When it is nonzero, the OpenBSD method is used in
sys/netinet/in_pcb.c (in in_pcbbind() in FreeBSD 4 and
in_pcbbind_setup() in FreeBSD 5) to pick up a source port.
Otherwise - the 'old' FreeBSD method is used.
The exact OpenBSD method for finding a free random port is used (but
that wasn't just copy-paste =)) ).
I don't have the opportunity to test the FreeBSD 5 patch, but I tried to
analyze the patching results attentively (what I worry about is
using the arc4random() function in FreeBSD 5...).
I'm eager to hear your opinions on all this, as I'm rather a newbie to
administrating FreeBSD (and especially - to 'hacking' the kernel).
If you find errors, please try to understand that this is the first
time I decided to change something 'so deep' in FreeBSD and decided to
make a patch for this ;-)) (but I tried to do my best to avoid errors)
Some information about this patch is here - http://www.625.ru/rlsp/
--
Best regards,
Danil V. Gerun.
danil@hate.spam.625.ru
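As an added illustration of the selection logic the post describes (a sysctl toggle choosing between the sequential "old" cursor and a random candidate, retried until a free port is found, with a bounded attempt count so a fully used range fails cleanly instead of spinning), here is a self-contained user-space model in C. It is not the author's patch and not FreeBSD or OpenBSD kernel code; the sysctl stand-ins, the bitmap that replaces the PCB lookup, and the small LCG that replaces arc4random() are all constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the sysctls discussed in the post:
 * portrange_first/last mirror net.inet.ip.portrange.first/.last and
 * random_lport mirrors the proposed net.inet.ip.random_lport toggle. */
static uint16_t portrange_first = 1024;
static uint16_t portrange_last  = 1030;  /* tiny range so exhaustion is easy to show */
static int      random_lport    = 0;     /* 0 = sequential method, nonzero = random */
static uint16_t lastport        = 1024;  /* cursor used by the sequential method */

/* Toy PCB table: one bit per port, set when the port is already bound.
 * The kernel would consult its PCB hash here; this is only a bitmap. */
static uint8_t bound[65536 / 8];

static bool port_in_use(uint16_t p) { return (bound[p >> 3] >> (p & 7)) & 1u; }
static void port_bind(uint16_t p)   { bound[p >> 3] |= (uint8_t)(1u << (p & 7)); }
static void port_reset(void)        { memset(bound, 0, sizeof bound); lastport = portrange_first; }

/* Deterministic LCG standing in for arc4random() so runs are repeatable.
 * A real kernel must use a cryptographically strong generator here;
 * with a predictable generator the randomization is only cosmetic. */
static uint32_t rng_state = 0x12345678u;
static uint32_t toy_random(void)
{
    rng_state = rng_state * 1664525u + 1013904223u;
    return rng_state >> 8;
}

/* Pick a local port in [portrange_first, portrange_last]. Returns the port,
 * or 0 when no free port was found (the kernel would return EADDRNOTAVAIL).
 * At most one attempt per port in the range is made, so the loop always ends. */
uint16_t pick_lport(void)
{
    uint32_t span  = (uint32_t)portrange_last - portrange_first + 1;
    uint32_t count = span;
    uint16_t cand;

    do {
        if (count-- == 0)
            return 0;
        if (random_lport) {
            /* random method: a fresh random candidate on every try */
            cand = (uint16_t)(portrange_first + toy_random() % span);
        } else {
            /* sequential method: walk a cursor through the range and wrap */
            cand = lastport;
            lastport = (lastport >= portrange_last) ? portrange_first
                                                    : (uint16_t)(lastport + 1);
        }
    } while (port_in_use(cand));

    port_bind(cand);
    return cand;
}

/* How many distinct first ports does a fresh system hand out over `trials`
 * independent boots? The sequential method always answers 1. */
int distinct_first_ports(int mode, int trials)
{
    static uint8_t seen[65536];
    int distinct = 0;
    memset(seen, 0, sizeof seen);
    random_lport = mode;
    for (int i = 0; i < trials; i++) {
        port_reset();
        uint16_t p = pick_lport();
        if (p != 0 && !seen[p]) { seen[p] = 1; distinct++; }
    }
    return distinct;
}

int scenario_sequential(void)   /* consecutive ports from the cursor */
{
    port_reset(); random_lport = 0;
    return pick_lport() == 1024 && pick_lport() == 1025 && pick_lport() == 1026;
}

int scenario_random(void)       /* in range, and marked bound afterwards */
{
    port_reset(); random_lport = 1;
    uint16_t p = pick_lport();
    return p >= portrange_first && p <= portrange_last && port_in_use(p);
}

int scenario_exhausted(void)    /* every port bound: both methods fail cleanly */
{
    port_reset();
    for (uint32_t p = portrange_first; p <= portrange_last; p++)
        port_bind((uint16_t)p);
    random_lport = 0;
    int seq = pick_lport();
    random_lport = 1;
    int rnd = pick_lport();
    return seq == 0 && rnd == 0;
}

int main(void)
{
    printf("sequential: %d  random: %d  exhausted: %d\n",
           scenario_sequential(), scenario_random(), scenario_exhausted());
    printf("distinct first ports, sequential: %d  random: %d\n",
           distinct_first_ports(0, 16), distinct_first_ports(1, 16));
    return 0;
}
```

The `distinct_first_ports()` helper is the point of the exercise: with the sequential cursor every fresh system starts at the same port, so an off-path observer can predict the next source port, while the random method spreads the first pick across the range. Two caveats follow directly from the model. The quality of the randomization is exactly the quality of the generator behind it, which is why the author's concern about arc4random() is the right place to look. And a random search over a nearly full range can give up after `count` tries even though a free port still exists, a trade-off the sequential walk does not have.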