Re: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft



On Mon, 01 Sep 2008 02:44:35 -0300,
Fernando Gont <fernando.gont@xxxxxxxxx> dared to write:


Folks,

We have published a revision of our IETF Internet-Draft about port
randomization. It is available at:
http://www.gont.com.ar/drafts/port-randomization/draft-ietf-tsvwg-port-randomization-02.txt
(you can find the document in other fancy formats at:
http://www.gont.com.ar/drafts/port-randomization/index.html)


Hi,

I'm still wondering how much overhead algorithms #3 and #4 add ...
Has anyone done some tests?

Cheers.

--
Jérôme Benoit aka fraggle
La Météo du Net - http://grenouille.com
OpenPGP Key ID : 9FE9161D
Key fingerprint : 9CA4 0249 AF57 A35B 34B3 AC15 FAA0 CB50 9FE9 161D


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
