Re: Port Randomization: New revision of our IETF Internet-Draft
From: Fernando Gont <fernando.gont () gmail com>
Date: Sun, 07 Sep 2008 01:31:48 -0300
At 07:39 p.m. 03/09/2008, Jerome Benoit wrote:
> > We have published a revision of our IETF Internet-Draft about port
> > randomization. It is available at:
> > omization-02.txt (you can find the document in other fancy formats at:
> I'm still wondering how much overhead algorithm #3 and #4 add ...
> Has anyone done some tests?
This is a good point.
Well... in the case of algorithm #3, that depends on the hash
function you use for F(). In the case of algorithm #4, that depends
on the hash function you use for F() and the hash function you use for G().
FWIW, Linux implements algorithm #3, so you could measure the
performance of that algorithm already.
P.S.: If you care about the performance implications, that's probably
because you are issuing a large number of connection requests. In
that case, algorithms #1 and #2 are probably not a choice, as they
are likely to lead to a large number of connection-id collisions.
And, if your connection requests are being issued to different hosts
or services, algorithm #4 will have a better port reuse frequency
than even the traditional BSD port selection algorithm, thus probably
avoiding some collisions that you would have experienced with the
traditional BSD port selection algorithm.
e-mail: fernando () gont com ar || fgont () acm org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
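The port-reuse argument in the P.S. above, as an added illustration that is not code from the Internet-Draft, from Linux, or from anyone in the thread. It is a toy Python model of the traditional BSD selection (one global counter), algorithm #3 (a global counter offset by F(), the hash-based scheme the message says Linux implements) and algorithm #4 (a counter bucket chosen by G(), offset by F()), numbered as in the draft, plus a function that measures how many connections to one destination go by before that destination is handed a port it already used. Assumptions: a keyed BLAKE2b stands in for F() and G(); the algorithm #4 counter table has 256 entries; the ephemeral range is a parameter so a 100-port range keeps the numbers readable; the peer addresses are constructed.

```python
# Added example, not code from the draft, from Linux, or from the thread: a toy
# model of the algorithms discussed. Assumed: keyed BLAKE2b stands in for F() and
# G(); the algorithm #4 counter table has TABLE_LENGTH entries; port range is a parameter.
import hashlib
import secrets

TABLE_LENGTH = 256  # assumed size of the per-bucket counter table (algorithm #4)


def keyed_hash(secret, *fields):
    """Keyed hash over the connection fields; stands in for F() and G()."""
    h = hashlib.blake2b(key=secret, digest_size=8)
    for field in fields:
        h.update(str(field).encode() + b"\x00")
    return int.from_bytes(h.digest(), "big")


class PortSelector:
    """Shared machinery: the ephemeral range and the walk over candidate ports."""

    def __init__(self, min_port=1024, max_port=65535):
        self.min_port = min_port
        self.num_ports = max_port - min_port + 1

    def select(self, local_ip, remote_ip, remote_port, in_use=frozenset()):
        # The counter advances on every candidate, as in the draft's do/while loop.
        for _ in range(self.num_ports):
            offset = self.next_offset(local_ip, remote_ip, remote_port)
            port = self.min_port + offset % self.num_ports
            if (local_ip, port, remote_ip, remote_port) not in in_use:
                return port
        raise RuntimeError("ephemeral port range exhausted")


class BsdPortSelector(PortSelector):
    """Traditional BSD selection: one global counter, no randomization."""

    def __init__(self, **kw):
        super().__init__(**kw)
        self.counter = 0

    def next_offset(self, local_ip, remote_ip, remote_port):
        self.counter += 1
        return self.counter - 1


class SimpleHashPortSelector(PortSelector):
    """Algorithm #3 (the one Linux implements): global counter plus F(key), so
    each destination gets its own starting point but all share one counter."""

    def __init__(self, secret=None, **kw):
        super().__init__(**kw)
        self.secret = secret or secrets.token_bytes(16)
        self.counter = 0

    def next_offset(self, local_ip, remote_ip, remote_port):
        self.counter += 1
        return self.counter - 1 + keyed_hash(self.secret, local_ip, remote_ip, remote_port)


class DoubleHashPortSelector(PortSelector):
    """Algorithm #4: G(key) picks a counter bucket and F(key) offsets it, so a
    destination's counter advances only for destinations that share its bucket."""

    def __init__(self, secret_f=None, secret_g=None, **kw):
        super().__init__(**kw)
        self.secret_f = secret_f or secrets.token_bytes(16)
        self.secret_g = secret_g or secrets.token_bytes(16)
        self.table = [0] * TABLE_LENGTH  # F() already randomizes each starting point

    def bucket(self, local_ip, remote_ip, remote_port):
        return keyed_hash(self.secret_g, local_ip, remote_ip, remote_port) % TABLE_LENGTH

    def next_offset(self, local_ip, remote_ip, remote_port):
        b = self.bucket(local_ip, remote_ip, remote_port)
        self.table[b] += 1
        return self.table[b] - 1 + keyed_hash(self.secret_f, local_ip, remote_ip, remote_port)


def reuse_period(selector, destinations, local_ip="192.0.2.10"):
    """Connections to destinations[0] before it is handed a port it already got, with
    the other destinations interleaved; no in_use state, since the local host cannot
    see the peer's TIME-WAIT state, which is exactly why reuse frequency matters."""
    seen = set()
    while True:
        for dest in destinations:
            port = selector.select(local_ip, *dest)
            if dest == destinations[0]:
                if port in seen:
                    return len(seen)
                seen.add(port)


if __name__ == "__main__":
    dests = [("198.51.100.%d" % i, 443) for i in range(1, 5)]  # constructed peers
    small = dict(min_port=1024, max_port=1123)  # 100 ports, for readable numbers
    for name, sel in [("BSD", BsdPortSelector(**small)), ("#3 simple hash", SimpleHashPortSelector(**small)),
                      ("#4 double hash", DoubleHashPortSelector(**small))]:
        print("%-15s reuses a port to %s after %d connections" % (name, dests[0][0], reuse_period(sel, dests)))
```

With four peers interleaved on a 100-port range, BSD and algorithm #3 hand the first peer a port it already used after 25 connections, because the single global counter advances for every connection regardless of destination, so the same applies with the full range scaled up. Algorithm #4 reaches the full 100 whenever the peers land in different buckets and falls back to the #3 behaviour only for peers that share one. The per-connection cost difference between #3 and #4 is one extra keyed hash and a table lookup, which is the overhead the question above is about; the hash function chosen for F() and G() sets that cost, as the reply says.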
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/