From owner-freebsd-security@FreeBSD.ORG Sat Sep 18 19:23:15 2004
Date: Sat, 18 Sep 2004 23:22:48 +0400
From: Danil V.Gerun
Organization: Project 625.ru
Message-ID: <621146771453.20040918232248@625.ru>
To: freebsd-security@freebsd.org
Subject: Random source ports in FreeBSD?
Reply-To: "Danil V.Gerun"
List-Id: Security issues [members-only posting]

Hello, all!

To begin with, I want to say that this question seems to be a security one, isn't it so?.. Recently I was googling for the subject and couldn't find anything... Even in the opennet.ru forum nobody answered me about this.

So, as far as I got to know, randomizing source ports in FreeBSD is impossible now? (to be exact - is not implemented?)

It's very interesting to me - WHY is it so? I mean - maybe there are good reasons for not making all this?..

Anyway, I looked at how it is done in OpenBSD and made a patch for FreeBSD. I've uploaded the patches for FreeBSD 4 and FreeBSD 5 here: http://www.625.ru/rlsp/

Direct links:
http://www.625.ru/rlsp/in_pcb.c.patch.4
http://www.625.ru/rlsp/in_pcb.c.patch.5

It seems to be working on my 4.9 box =) - after recompiling the kernel the system picks a random port for making a connection. Especially when I increase net.inet.ip.portrange.last, for example, to the value 20000, the ports become 'more random' :)

What the patch does: it creates a sysctl variable net.inet.ip.random_lport, which is "off" by default. When it is nonzero, the OpenBSD method is used in sys/netinet/in_pcb.c (in in_pcbbind() in FreeBSD 4 and in_pcbbind_setup() in FreeBSD 5) to pick a source port. Otherwise the 'old' FreeBSD method is used. The exact OpenBSD method for finding a free random port is used (but that wasn't just copy-paste =)) ).

I don't have the opportunity to test the FreeBSD 5 patch, but I tried to analyze the patching results attentively (what I worry about is using the arc4random() function in FreeBSD 5...).

I'm eager to hear your opinions on all this, as I'm rather a newbie to administrating FreeBSD (and especially to 'hacking' the kernel). If you find errors, please try to understand that this is the first time I decided to change something 'so deep' in FreeBSD and decided to make a patch for it ;-)) (but I tried to do my best to avoid errors)

Some information about this patch is here - http://www.625.ru/rlsp/

-- 
Best regards,
Danil V. Gerun.
danil@hate.spam.625.ru
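As an added illustration of the two behaviours the sysctl toggles (this is not the patch's code nor OpenBSD's in_pcbbind(), and it is a user-space model, not kernel code): with random_lport off the next port after the last one handed out is tried, with it on a random starting point inside net.inet.ip.portrange.first..last is drawn and the search walks upward with wrap-around so it always terminates. The names portspace_t, pick_lport and the 1024..1030 range with port 1026 already bound are constructed for the example; rnd() stands in for arc4random() so the walk is deterministic.

```c
#include <stdint.h>
#include <string.h>

#define PORT_MAX 65536

/* Constructed user-space model of the kernel state the patch touches. */
typedef struct {
    uint8_t  in_use[PORT_MAX]; /* stand-in for the in_pcblookup() "port busy" check */
    uint16_t first, last;      /* net.inet.ip.portrange.first / .last */
    int      random_lport;     /* the patch's sysctl net.inet.ip.random_lport */
    uint16_t lastport;         /* last port handed out (sequential-mode state) */
} portspace_t;

/* Pick a free local port in [first, last]; returns 0 if the range is exhausted.
 * rnd() is injected in place of arc4random() so the search is testable. */
uint16_t pick_lport(portspace_t *ps, uint32_t (*rnd)(void)) {
    if (ps->last < ps->first) return 0;
    uint32_t span = (uint32_t)ps->last - ps->first + 1;
    uint32_t tries = span;
    uint16_t cand;
    if (ps->random_lport) {
        cand = (uint16_t)(ps->first + rnd() % span);      /* random start anywhere in range */
    } else {
        cand = (ps->lastport < ps->first || ps->lastport >= ps->last)
               ? ps->first : (uint16_t)(ps->lastport + 1); /* classic: next after last one */
    }
    /* walk upward with wrap-around: at most `span` probes, so a full range still terminates */
    while (tries-- > 0) {
        if (!ps->in_use[cand]) {
            ps->in_use[cand] = 1;
            ps->lastport = cand;
            return cand;
        }
        cand = (cand == ps->last) ? ps->first : (uint16_t)(cand + 1);
    }
    return 0;
}

static uint32_t fixed_rnd(void) { return 2; } /* deterministic stand-in for arc4random() */

/* Constructed scenario: ephemeral range 1024..1030 with 1026 already bound. */
static void setup(portspace_t *ps, int random_lport) {
    memset(ps, 0, sizeof *ps);
    ps->first = 1024; ps->last = 1030; ps->random_lport = random_lport;
    ps->in_use[1026] = 1;
}
uint16_t demo_random_pick(void)     { portspace_t ps; setup(&ps, 1); return pick_lport(&ps, fixed_rnd); } /* 1026 busy -> 1027 */
uint16_t demo_sequential_pick(void) { portspace_t ps; setup(&ps, 0); return pick_lport(&ps, fixed_rnd); } /* starts at first -> 1024 */
uint16_t demo_exhausted(void) {
    portspace_t ps; setup(&ps, 1);
    for (int p = 1024; p <= 1030; p++) ps.in_use[p] = 1;
    return pick_lport(&ps, fixed_rnd);                      /* nothing free -> 0 */
}
```

The bounded walk is the part worth checking in any such patch: a random draw with no attempt limit can spin indefinitely once the range fills up, which is why the author's larger portrange.last both improves unpredictability and keeps the search cheap.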