From owner-cvs-all Mon Nov 29 13:35:23 1999
Delivered-To: cvs-all@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by hub.freebsd.org (Postfix) with ESMTP id D8EC915457; Mon, 29 Nov 1999 13:35:19 -0800 (PST) (envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id NAA09413; Mon, 29 Nov 1999 13:35:19 -0800 (PST) (envelope-from dillon)
Date: Mon, 29 Nov 1999 13:35:19 -0800 (PST)
From: Matthew Dillon
Message-Id: <199911292135.NAA09413@apollo.backplane.com>
To: Dan Moschuk
Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/sys/i386/conf files.i386 src/sys/kern kern_fork.c src/sys/libkern arc4random.c src/sys/sys libkern.h
References: <199911281751.JAA40710@freefall.freebsd.org> <199911292104.NAA09106@apollo.backplane.com> <19991129161327.E2999@spirit.jaded.net> <19991129162129.F2999@spirit.jaded.net>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

:|
:| I will include that in my next patch (which will randomize source ports).
:
:Actually, is there really benefit in doing so?
:
:It was suggested that we don't give users the option of randomizing or not,
:and to just "do it."
:
:--
:Dan Moschuk (TFreak!dan@freebsd.org)

    Randomizing is a relatively 'weak' security fix, especially in light of
    the severe restrictions on both pid and port number ranges.  Even with a
    good random number generator.  I don't particularly see why it should be
    imposed on everyone.  And, frankly, I *use* the fact that pids tend to
    increment when I look at 'ps' and 'jobs -l' output just as a double
    check, and I'm sure other people do too.
    Randomizing things like the TCP initial sequence number is more
    beneficial due to the larger sequence space, but still somewhat limited
    by restrictions in the TCP protocol related to connection timeouts and
    the requirement that the initial sequence number be monotonically
    increasing within the timeout period for new connections using the same
    tuple (srcip,srcport,dstip,dstport).

    Probably the best overall solution is to use incrementing port numbers,
    guarantee a minimum time delay on port reuse, and then fully randomize
    the initial sequence number for the TCP connection.

					-Matt
					Matthew Dillon
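The two points in the message above, that a pid or port range gives a blind guesser only about 16 bits to search while the ISN has 32, and that an ISN must still advance monotonically for a reused 4-tuple, are illustrated by the following added example. It is not code from the FreeBSD commit or from anyone in this thread; it models the RFC 1948 construction (a global clock plus a secret, per-tuple offset), which is one way to meet the monotonicity constraint while making ISNs unpredictable across tuples. The secret, addresses, tick counter and the pid/port bounds used in the comparison are constructed values, and the tick counter stands in for the clock.

```python
import hashlib
import hmac
import math
import struct

ISN_MOD = 1 << 32  # TCP sequence numbers live on a 32-bit circle


def search_space_bits(lo: int, hi: int) -> float:
    """Bits of work a blind guesser faces when a value is drawn uniformly
    from [lo, hi].  Lets a pid or ephemeral-port range be compared with the
    32-bit sequence space on the same scale."""
    return math.log2(hi - lo + 1)


def tuple_offset(secret: bytes, src: str, sport: int, dst: str, dport: int) -> int:
    """Secret per-4-tuple offset: a keyed hash of the tuple truncated to
    32 bits.  Observing ISNs on other tuples reveals nothing about this one."""
    msg = f"{src}|{sport}|{dst}|{dport}".encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return struct.unpack(">I", digest[:4])[0]


def isn(secret: bytes, src: str, sport: int, dst: str, dport: int, ticks: int) -> int:
    """RFC 1948-style ISN: monotonic global clock plus the tuple's offset.
    For a fixed tuple the ISN advances exactly with the clock, so the TCP
    reuse rule holds; across tuples the values look unrelated."""
    return (ticks + tuple_offset(secret, src, sport, dst, dport)) % ISN_MOD


def seq_after(a: int, b: int) -> bool:
    """Wraparound comparison: a is later than b if it lies within half the
    circle ahead of b (the usual TCP sequence-number ordering)."""
    return a != b and (a - b) % ISN_MOD < (1 << 31)


def predict_from_observed(observed_isn: int, observed_ticks: int, target_ticks: int) -> int:
    """What an attacker can do against a purely clock-driven ISN with no
    per-tuple secret: extrapolate another connection's ISN from one observed
    value and the elapsed clock."""
    return (observed_isn + (target_ticks - observed_ticks)) % ISN_MOD


if __name__ == "__main__":
    # Constructed bounds for the comparison; real ranges depend on the system.
    print(f"pid range 0..99999:     {search_space_bits(0, 99999):.1f} bits")
    print(f"ports 1024..65535:      {search_space_bits(1024, 65535):.1f} bits")
    print(f"32-bit sequence space:  {search_space_bits(0, ISN_MOD - 1):.1f} bits")

    secret = b"constructed-demo-secret"
    a1 = isn(secret, "192.0.2.1", 40000, "192.0.2.2", 80, 1000)
    a2 = isn(secret, "192.0.2.1", 40000, "192.0.2.2", 80, 1250)
    b1 = isn(secret, "192.0.2.1", 40001, "192.0.2.2", 80, 1000)
    print(f"same tuple, later clock: advances by {(a2 - a1) % ISN_MOD}")
    print(f"neighbouring port, same clock: clock-only guess {'hits' if predict_from_observed(a1, 1000, 1000) == b1 else 'misses'}")
```

The clock term is what keeps a reused tuple's ISN moving forward within the timeout window the message mentions; the keyed offset is what denies an attacker the extrapolation that `predict_from_observed` performs against a clock-only scheme.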