Date:      13 Apr 1999 14:54:51 -0400
From:      Lowell Gilbert <lowell@world.std.com>
To:        Keith Stevenson <k.stevenson@louisville.edu>, freebsd-security@freebsd.org
Subject:   Re: Sequential TCP port allocation?
Message-ID:  <rd6hfqk1hc4.fsf@world.std.com>
In-Reply-To: Keith Stevenson's message of Tue, 13 Apr 1999 12:31:25 -0400
References:  <19990412120126.B15762@homer.louisville.edu> <199904131505.LAA21502@cc942873-a.ewndsr1.nj.home.com> <19990413113039.H17083@puck.nether.net> <19990413123125.B25109@homer.louisville.edu>

Keith Stevenson <k.stevenson@louisville.edu> writes:

> FreeBSD 2.2.8-STABLE appears to allocate TCP ports in sequential order.  ISS
> identifies this as a potential security issue.  My question is whether or not
> a sysctl or other configuration parameter exists which causes TCP ports to be
> allocated in a more random order.  Furthermore, does anyone know whether or not
> FreeBSD 3.1-STABLE exhibits the same port allocation behavior as 2.2.8?

Yes, it seems to, and while I haven't got the time at the moment to
understand this implementation in depth, it also seems as though
changing it to be "more random" might be, um, hard.  There is
(currently) no list kept of unused ports, so when nearly all of the
ports are in use, random sampling could behave very badly indeed in
terms of coming up with a port that wasn't already in use.  I wonder
if starting from a randomly-selected port and counting until you got
to an empty one would qualify as "random enough"...

> What I do not want is to participate in a debate over whether or not 
> sequential port allocation is a "real" security exposure.

Fair enough, but don't be surprised if the volunteers who you are
asking for help are more motivated to look at it if they think it's a
"real" problem.  

Be well.
        Lowell Gilbert


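The three allocation policies discussed above (the sequential allocation Keith observed, pure random sampling without a free-list, and Lowell's "start at a random port and count up" suggestion) as a small user-space model. This is an added example, not part of the original message and not FreeBSD kernel code: the 49152-65535 range, the xorshift32 PRNG, the in-use bitmap, the probe counter and the `ps_*`/`alloc_*` names are all assumptions made so the model runs stand-alone and deterministically.

```c
/* Added example: a user-space model of three ephemeral-port allocation
 * policies.  Not FreeBSD code; the range, PRNG and bitmap are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PORT_FIRST 49152u                        /* assumed ephemeral range */
#define PORT_LAST  65535u
#define NPORTS     (PORT_LAST - PORT_FIRST + 1u) /* 16384 ports */

struct portspace {
    uint8_t  in_use[NPORTS];  /* in_use[i] != 0 : port PORT_FIRST+i is bound */
    uint32_t next_seq;        /* state of the sequential allocator */
    uint32_t rng;             /* xorshift32 state (assumed PRNG, for determinism) */
    unsigned probes;          /* ports examined by the most recent allocation */
};

static void ps_init(struct portspace *ps, uint32_t seed)
{
    memset(ps, 0, sizeof *ps);
    ps->next_seq = PORT_FIRST;
    ps->rng = seed ? seed : 0x9e3779b9u;  /* xorshift must not start from 0 */
}

static uint32_t ps_rand(struct portspace *ps)
{
    uint32_t x = ps->rng;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return ps->rng = x;
}

static uint32_t ps_take(struct portspace *ps, uint32_t idx)
{
    ps->in_use[idx] = 1;
    return PORT_FIRST + idx;
}

/* Mark every port in use except the last `nfree` of the range. */
static void ps_fill_all_but(struct portspace *ps, uint32_t nfree)
{
    for (uint32_t i = 0; i + nfree < NPORTS; i++) ps->in_use[i] = 1;
}

/* Policy 1: sequential, the behaviour the thread observes.  Each call hands
 * out the port after the previous one, skipping bound ports. */
static uint32_t alloc_sequential(struct portspace *ps)
{
    ps->probes = 0;
    for (uint32_t i = 0; i < NPORTS; i++) {
        uint32_t idx = ps->next_seq - PORT_FIRST;
        ps->next_seq = (ps->next_seq == PORT_LAST) ? PORT_FIRST : ps->next_seq + 1;
        ps->probes++;
        if (!ps->in_use[idx]) return ps_take(ps, idx);
    }
    return 0;  /* every port bound */
}

/* What an observer can do with policy 1: one seen source port predicts the
 * next one the host will use. */
static uint32_t predict_next_sequential(uint32_t observed)
{
    return observed == PORT_LAST ? PORT_FIRST : observed + 1;
}

/* Policy 2: independent uniform samples, rejecting bound ports.  With no
 * free-list, a try succeeds with probability free/NPORTS, so the expected
 * number of tries is NPORTS/free: one when the space is empty, thousands
 * when only a handful of ports remain.  max_tries bounds the loop, at the
 * cost of sometimes failing although a free port exists. */
static uint32_t alloc_random_reject(struct portspace *ps, unsigned max_tries)
{
    ps->probes = 0;
    while (ps->probes < max_tries) {
        uint32_t idx = ps_rand(ps) % NPORTS;
        ps->probes++;
        if (!ps->in_use[idx]) return ps_take(ps, idx);
    }
    return 0;  /* gave up; a free port may still exist */
}

/* Policy 3: random start, then count upward with wrap-around (the
 * suggestion in the message).  At most NPORTS probes, and a free port is
 * always found if one exists.  The starting point is unpredictable, but
 * consecutive allocations into a free neighbourhood are still adjacent. */
static uint32_t alloc_random_start_probe(struct portspace *ps)
{
    ps->probes = 0;
    uint32_t start = ps_rand(ps) % NPORTS;
    for (uint32_t i = 0; i < NPORTS; i++) {
        uint32_t idx = (start + i) % NPORTS;
        ps->probes++;
        if (!ps->in_use[idx]) return ps_take(ps, idx);
    }
    return 0;  /* every port bound */
}

int main(void)
{
    struct portspace ps;
    uint32_t a, b;

    ps_init(&ps, 1999);
    a = alloc_sequential(&ps);
    b = alloc_sequential(&ps);
    printf("sequential: %u then %u, predicted %u\n", a, b, predict_next_sequential(a));

    /* Nearly full table: one free port left out of NPORTS. */
    ps_init(&ps, 1999);
    ps_fill_all_but(&ps, 1);
    a = alloc_random_reject(&ps, 64);
    printf("random+reject, 1 free: got %u after %u tries (0 = gave up)\n", a, ps.probes);

    ps_init(&ps, 1999);
    ps_fill_all_but(&ps, 1);
    a = alloc_random_start_probe(&ps);
    printf("random start+probe, 1 free: got %u after %u probes (bound %u)\n",
           a, ps.probes, NPORTS);
    return 0;
}
```

The point the model makes concrete is the trade-off in the message: policy 2 is the only one whose picks are independent of each other, but without a free-list its cost grows as NPORTS divided by the number of free ports and it can fail with a free port still available, whereas policy 3 is bounded by one pass over the range and never fails spuriously, at the price of handing out runs of adjacent ports once the random start lands in a free region.
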
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?rd6hfqk1hc4.fsf>