From owner-freebsd-security  Tue Apr 13  9:34:10 1999
Delivered-To: freebsd-security@freebsd.org
Received: from unix1.it-datacntr.louisville.edu (unix1.it-datacntr.louisville.edu [136.165.4.27])
	by hub.freebsd.org (Postfix) with ESMTP id C835314DE2
	for <freebsd-security@freebsd.org>; Tue, 13 Apr 1999 09:33:51 -0700 (PDT)
	(envelope-from k.stevenson@louisville.edu)
Received: from homer.louisville.edu (ktstev01@homer.louisville.edu [136.165.1.20])
	by unix1.it-datacntr.louisville.edu (8.8.8/8.8.7) with ESMTP id MAA22786;
	Tue, 13 Apr 1999 12:31:25 -0400
Received: (from ktstev01@localhost)
	by homer.louisville.edu (8.8.8/8.8.8) id MAA12030;
	Tue, 13 Apr 1999 12:31:25 -0400 (EDT)
Message-ID: <19990413123125.B25109@homer.louisville.edu>
Date: Tue, 13 Apr 1999 12:31:25 -0400
From: Keith Stevenson <k.stevenson@louisville.edu>
To: freebsd-security@freebsd.org
Cc: jared@puck.nether.net
Subject: Re: Sequential TCP port allocation?
References: <19990412120126.B15762@homer.louisville.edu> <199904131505.LAA21502@cc942873-a.ewndsr1.nj.home.com> <19990413113039.H17083@puck.nether.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <19990413113039.H17083@puck.nether.net>; from Jared Mauch on Tue, Apr 13, 1999 at 11:30:39AM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

<A lot of comments about nmap and basic security snipped>

Ok, exactly what did all of that have to do with my question?  To restate:

FreeBSD 2.2.8-STABLE appears to allocate TCP ports in sequential order.  ISS
identifies this as a potential security issue.  My question is whether or not
a sysctl or other configuration parameter exists which causes TCP ports to be
allocated in a more random order.  Furthermore, does anyone know whether or not
FreeBSD 3.1-STABLE exhibits the same port allocation behavior as 2.2.8?

What I do not want is to participate in a debate over whether or not 
sequential port allocation is a "real" security exposure.

Regards,
--Keith Stevenson--

-- 
Keith Stevenson
System Programmer - Data Center Services - University of Louisville
k.stevenson@louisville.edu
PGP key fingerprint =  4B 29 A8 95 A8 82 EA A2  29 CE 68 DE FC EE B6 A0


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message