Date: Sat, 18 Sep 2004 23:22:48 +0400 From: Danil V.Gerun <news@625.ru> To: freebsd-security@freebsd.org Subject: Random source ports in FreeBSD? Message-ID: <621146771453.20040918232248@625.ru>
next in thread | raw e-mail | index | archive | help
Hello, all! In the beginning I want to say, that this question seems to be a security one, isn't it so?.. Recently I was googling for the subject and coulnd't find anything... Even in the opennet.ru forum nobody answered me about this. So, as far as I got to know, randomizing source ports in FreeBSD is impossible now? (to be exact - is not implemented?) It's very interesting to me - WHY is it so? I mean - may be there are good reasons for not making all this?.. Anyway, I looked how it is done in OpenBSD and made a patch for FreeBSD. I've uploaded the patches for FreeBSD 4 and FreeBSD 5 here: http://www.625.ru/rlsp/ Direct links: http://www.625.ru/rlsp/in_pcb.c.patch.4 http://www.625.ru/rlsp/in_pcb.c.patch.5 It seems to be working on my 4.9 box =) - after recompiling the kernel the system picks up a random port for making a connetion. Especially - when I increase net.inet.ip.portrange.last, for example, to value 20000. The ports become 'more random' :) What the patch does: it creates a sysctl variable net.inet.ip.random_lport, which is "off" by default. When it is nonzero, the OpenBSD method is used in sys/netinet/in_pcb.c (in in_pcbbind() in FreeBSD 4 and in_pcbbind_setup() in FreeBSD 5) to pick up a source port. Otherwize - the 'old' FreeBSD method is used. The exact OpenBSD method for finding a free random port is used (but that wasn't just copy-paste =)) ). I don't have opportunity to test the FreeBSD 5 patch, but I tried to analyze the patching results attentively (what I worry about - is using the arc4random() function in FreeBSD 5...). I'm eager to hear your opinions on all this, as I'm rather a newbie to administrating FreeBSD (and especially - to 'hacking' the kernel). If you find errors, please try to understand that this is the first time I decided to change something 'so deep' in FreeBSD and decided to make a patch for this ;-)) (but I tried to do my best to avoid errors) Some information about this patch is here - http://www.625.ru/rlsp/ -- Best regards, Danil V. Gerun. danil@hate.spam.625.ru
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?621146771453.20040918232248>