From: Fernando Gont <fernando@gont.com.ar>
To: freebsd-net@freebsd.org
Date: Mon, 12 Feb 2007 12:16:12 -0300
Subject: Ephemeral port selection
Message-Id: <200702121516.l1CFGHMX002994@venus.xmundo.net>
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net@freebsd.org>

Folks,

Looking at FreeBSD's TCP implementation, I see that by default, ephemeral ports are selected from the range 49152-65535. This means that only 15K ports out of the available 65K port range are used for ephemeral port selection.
This has at least two implications:

* Ephemeral ports are easier to predict (as you are picking them from a smaller range)
* There is a higher chance of facing the interoperability problems described in Mike Silbersack's presentation at EuroBSDCon 2005 (http://www.silby.com/eurobsdcon05/eurobsdcon_silbersack.pdf).

A first and small proposal would be to change the range of ephemeral port numbers to use the range 1024-65535. An array of bits could be maintained in memory to avoid the selection of ports that are used for services (e.g., X).

We have also been working on an alternative port randomization scheme, that would help to avoid the problems described in Mike's presentation. Our work on the subject is available at:
http://www.gont.com.ar/drafts/port-randomization/draft-larsen-tsvwg-port-randomization-01.txt

We would be willing to provide patches for these things if there is interest in implementing the proposed changes (extending the port range and possibly implementing the RFC1948-like scheme for ephemeral port selection).

Any comments will be more than welcome.

Thanks,

--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
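The two proposals in the message above (a 1024-65535 range with a bitmap of ports reserved for local services, and an RFC1948-like hash-based selector) combine naturally into one routine. The following is an added illustration, not FreeBSD code and not the draft's text: the port is chosen as min_ephemeral + (counter + F(local IP, remote IP, remote port, secret)) mod num_ephemeral, so that successive connections to the same destination get consecutive ports (which keeps TIME-WAIT reuse well behaved) while different destinations see unrelated, secret-keyed offsets. The hash F() here is a non-cryptographic mixer standing in for a real keyed hash, `ephemeral_init`, `port_never_in_use` and the seed values are assumptions made for the example, and a kernel would take the key and counter seed from its RNG and consult the PCB table instead of the stub callback.

```c
/* Hash-based ("RFC 1948-like") ephemeral port selection over 1024-65535 with a
 * bitmap that excludes ports owned by local services.  Added illustration, not
 * FreeBSD code.  F() is a non-cryptographic stand-in for a keyed hash. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MIN_EPHEMERAL 1024u
#define MAX_EPHEMERAL 65535u
#define NUM_EPHEMERAL (MAX_EPHEMERAL - MIN_EPHEMERAL + 1u)   /* 64512 candidates */

/* One bit per port: set means "a local service listens here, never hand it out". */
static uint8_t reserved_ports[65536 / 8];

void reserved_clear(void) { memset(reserved_ports, 0, sizeof reserved_ports); }
void reserve_port(uint16_t port) { reserved_ports[port >> 3] |= (uint8_t)(1u << (port & 7)); }
int  port_is_reserved(uint16_t port) { return (reserved_ports[port >> 3] >> (port & 7)) & 1; }

/* Selector state: a per-host counter plus the secret that keys the hash. */
static uint32_t next_ephemeral;
static uint64_t secret_key;

/* Assumption: the caller passes values drawn from the kernel RNG at boot. */
void ephemeral_init(uint64_t key, uint32_t counter_seed)
{
    secret_key = key;
    next_ephemeral = counter_seed % NUM_EPHEMERAL;
}

/* splitmix64 finalizer: a fast mixer, NOT a cryptographic hash (example only). */
static uint64_t mix64(uint64_t x)
{
    x ^= x >> 30; x *= 0xbf58476d1ce4e5b9ULL;
    x ^= x >> 27; x *= 0x94d049bb133111ebULL;
    x ^= x >> 31;
    return x;
}

/* F(local_ip, remote_ip, remote_port, secret): per-destination offset into the range. */
static uint32_t port_offset(uint32_t local_ip, uint32_t remote_ip, uint16_t remote_port)
{
    uint64_t h = mix64(secret_key ^ local_ip);
    h = mix64(h ^ remote_ip);
    h = mix64(h ^ remote_port);
    return (uint32_t)(h % NUM_EPHEMERAL);
}

/* Stubs for the "is this 4-tuple already in the PCB table?" check (assumed). */
int port_never_in_use(uint16_t port)  { (void)port; return 0; }
int port_always_in_use(uint16_t port) { (void)port; return 1; }

/* Returns a port in [MIN_EPHEMERAL, MAX_EPHEMERAL], or -1 if every port is taken.
 * Same destination -> consecutive ports; different destination -> hash-determined
 * offset, so an off-path attacker cannot infer one flow's port from another's. */
int select_ephemeral_port(uint32_t local_ip, uint32_t remote_ip, uint16_t remote_port,
                          int (*in_use)(uint16_t))
{
    uint32_t offset = port_offset(local_ip, remote_ip, remote_port);
    uint32_t count = NUM_EPHEMERAL;
    do {
        uint16_t port = (uint16_t)(MIN_EPHEMERAL + (next_ephemeral + offset) % NUM_EPHEMERAL);
        next_ephemeral = (next_ephemeral + 1) % NUM_EPHEMERAL;
        if (!port_is_reserved(port) && !in_use(port))
            return port;
    } while (--count > 0);
    return -1;                              /* whole range exhausted */
}

int main(void)
{
    ephemeral_init(0x243f6a8885a308d3ULL, 12345);      /* constructed seed values */
    reserve_port(6000);                                /* e.g. an X server */
    uint32_t lip = 0x0a000001u, rip1 = 0xc0a80001u, rip2 = 0xc0a80002u;
    int a = select_ephemeral_port(lip, rip1, 80, port_never_in_use);
    int b = select_ephemeral_port(lip, rip1, 80, port_never_in_use);
    int c = select_ephemeral_port(lip, rip2, 80, port_never_in_use);
    printf("to rip1: %d then %d (consecutive); to rip2: %d (unrelated)\n", a, b, c);
    return 0;
}
```

The bitmap check is what lets the range start at 1024 without handing a service's port to an outgoing connection; the counter keeps per-destination port reuse spaced as widely as the old sequential allocator did, which is the interoperability property the message is concerned with.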